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(Ojjj Cija FOOTPRINTING CONCEPTS 2.1 



CjI jSII t> ^ all majJl £ jU (Jfl.ffi.nV AjjWlt c_J j^JI Ajl*jZ\ jU JL cJu^xjIU RECONNAISSANCE 

Q\ 6.jIc ^^-istJ I.AA J 6(il3il <jLulxi JJ jJAx^l 4_xJaj| J LiA LgI . Jj£Lalx> ^a J>(^ jl (JjlVlN J-J*^ (j^ J^ <J J> <^>^^ <L^j^3l 

cJj£ ^Uail! djlL^a j lJ^JI a^iA\ Jj^ aA jjla JjI^j L-i jjuj j£1$JI jl "Penetration testing" <jl j^*^ 

£*j) CjVI^JI Jj jJj jjc. <LlaJI J o^lc ja ^^ILIojVI .Footprinting 3 jU* 11 *>^a Liajl l-a^xjj m ^ j^gJI 

4^1 <JxujjJ ^!>lLluiVI A )\aC . Jc ^Jlxal _4j till Jj^a-a JJC. ^aUaj £x> J-alxJJ tdjV (4_iJ jjtall SjjAaII fJ-^ ^ J fc UJ^ a * 

t fl^A <J clA^ J^ dlLa jlx-<Jl (jxa -^-^ jfi* A W JIj^jVI iaUxi j tJjistjaLill ^aUaj j t^ju ^illl ^ jj JlLd tdlLi jlx-<Jl £x^J A aW)^\ 

tLjajl .^jlill J^VI ^aUaill t . n Vll <L Ja JjJaSl (jc ^LjaS tJjljIkVI L_fl,JA ^jjaaol Jail ^JjujI j J^-joiI AjAaol JjJaSl 4_j^J ( . lla>J 

IaK t^j^A ji&l fr<< LaK" ; jj^ uJI Jl jSVI (j-^j jj 1 <a^ll Jc- Jxa ,jj£ ^ j?^^ cJf^^ ( . \ u "j ^-^J^ (j -0 L 

" ^ IjjlS 

<jujjUu» (3^*^ ( " ^ djli (jj^j ja. cjUUJI ^jV ^Hij '^jj^ (3^^j lalujVI cIjLAao ^jUj > ^ ^jl VJ *y , j 

# I^J ^^.l^<Jl (jjillaJj tdiljUJl (JlLd ^^Jc J jj^^J! ^aJ c flj£ I j3^>su ^jl ^jj^JjJ fc^lli J ^^IaslSI 1 ^ L-fl jjuj Uiajl .(jljlkVI 

^ ^jia^sJl jV tAjU^ll 4^ LaJ 6^1^ L-boul "CjUi jIslxJI C5 lc dL^a tiljL" f^'j ■ L - J ^^^ J JJ^a^il <>»J^J ^aJ ^2J| GOOgle 



(^j. cjjS CjUIk^) FOOTPRINTING TERMINOLOGY 



■ U^^ j Footprinting ? ^ CjUik^JI .Footprinting 



OPEN SOURCE OR PASSIVE INFORMATION GATHERING (OSINT) 

jjlfij L_fl^JU jjujUxJI JIj^jVI ^c^j V ji51 I^a ,^1x^13 4_^.ll<i (jjSj CjUj jLlxJI d^Aj 4_^ll<JI <xjIxJI 
iajl j^JIj blogsj ^ j t i > >ij^ l!^ (^c-U^Vl jiill j>»j ^jjj jitillj ; JVI J-^-uu CjLa j]x.a11 A^Ia 4lt/4AjHiAll jjl <n a1) 

.Ia jjc. j <J^.j^.j 

^Uaj j diijjjyi Jc J jj^a jll <Lli3l ip ^jjjUcj (network range) ^yMI jUaj Jia djUi jlx-<JI ^ ^ jill 11a ^1,^1 mU 



J ^£^j3I CjUIIj TCP J' UDP J-^ j^ jJj^>Jj l_A^JI ^ It. I^I^IujI ^jj Jll 4-yjll ^a^l j^. djlknlajj ^istjaLill 

l^£A j (JSjoallll L a u& A AiaJ )j lajl l 4_ijjj J j > ^ jll 

ACTIVE INFORMATION GATHERING 



(jlasu ^1 jljl ^jjl jl^J C— U^J _L_fl^Jl A aW)a\\ J^a J-« Jc UjajLojl jj^jjlU ^jjxijlj ^1x^.1^31 ^jli dlLa jlx-<Jl J-^- (J-ft ^ I^A J 
_L_fl^Jl 4^<JaixJl £a SjjujLia (J>ilxj3l ^jj Ua .4_icLal^.Vl ^ > » ll^ II ~l I^JLujI ^jj^la ^jc (j;i^a jxJl ^VjA £y± C1jL<» jIslxJI 



ANONYMOUS FOOTPRINTING 



m Al j(g > a j^L^axi ^xi dilxi jlst-<Jl £xi^ A)\aC. Jl ^iwjj I^A 



PSEUDONYMOUS FOOTPRINTING 

jjuij (j^J ^— ^ .< ; ul^ll ^jojU 6jjujLlxi <iaJJj>» JJC. (j^lj Cljjljyi A£jjuj Jc Ia JjoU ^aJ j^L^axa ^jxi dilxi jIslxJI ^xi^. A-lLftC Jl JjJjoiJ I^A 
^Llxs J^JI Cjl^-aJl jl CjI^JjoJI (_^^l J J jiind ( ; ul^ll (jj^J jl Jj(g uLq jlxlaixi ^ajajl (jj^J ( ; ul^ll jl t fllla o ^ajajl daJ Cjlxi jIslxJI 
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.pseudonymous j^l^ll 

ORGANIZATIONAL OR PRIVATE FOOTPRINTING 
INTERNET FOOTPRINTING 



?(FOOTPRINTING) j* 



F 



A .)*>v« ^ l$\ methodological jf*j j <-^t a£j^JI Jiksll 6 ^ JjL ^UjI Footprinting ^ l^i^t? 

.Ai^iauJI 4 <Jai<il] ^ > ^ /Ml (j-a^U(blueprint) * J> ^>vi ^ j^j ^Ijji *4 vxp* Footprinting ^L^c iajj ^jl ^j^j 
^jjill ^Ikd! ^ j jjAj Footprinting <^ ^ 'blueprint' ^l^ki^l ^ 

^jc (JL V (jli ttilli .o^c (jjlaj CjUi jIslxJI *j Footprinting s^lj <a^-Lq tilU& ^jjjJ 

.^uJaia <Ljiajj ^^Footprinting ( ♦ 1 > J 'cs-^-^J .^^j^I 4jUr. l^ii ^jl <Jii quui c _^j3I ^qjujLaJ) djUi jIslaII ^j^l 

: cj! jJa^ jjjI ^ Footprinting J^^j n^ll M^IaUl ^ cjU jlx^l] dlLaj 

.network and organizational queries j DNSjWhois CjU^I ^^xj ^^jj .3 

.(Jjj^aliSlU t fla > ^^1 Jalij J^lstlajlj ^I^jI ^j^j ' Footprintingu^ ^illk^ l_u3LujIj 6l_jjj3! ^^Lk djljl^alj 

? FOOTPRINTING) jUl 

^l^. 6L_A^JI ^L<Jai<JI a£jjoi ^jc djUi jlx-<JI ^a^. j 6<jj^ji3l ^j^ nl jIujI e-UJ ^ia^I^xJI ^j-<i I^^jjujI ^jj Footprinting 

^jc CjU» jIslxJI ^-<^J Aij^la lW^^ ^Footprinting tlajL.» j£i La£ ^^^JaiJ! ^j^l ^ ^L^iaV Aij^la cJ^-^^ c^-^- jj^^ 

i^VI ^cljoajFootprinting .<i^aja3l ^jUr> ^ ^j^- Ijj^ ( ♦ 1T b t^i^jju^ll 4^Jai<JI 

(know security posture) cr^fl J^jil 

(JjlaJ dlia J / Aialdl] ^J^a jll (jc 4_Lil^ ojjj^ ^ laaU A-ja^-Laj 4^<JalL<i <L^)IaJ L_fl^Jl 4^<Jal<Jl ^^ic Footprinting^^ 

(Reduce Attack Area) f ^> ±aJI 

ojJjU^ 4Jaii^<JI Aj^jil! ip ^jjjUcj <J^j '(domain names) u^j^^ ^^^5 <c j-^^ 

. Ls ^\ ^ J^\-} Ailxlal! J^a^^ c> J '^J^V^ 

(Build Information Database) ^Ujk^ Sjp12 ^ LL - 
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(Draw Network Map) 4iajj! 

3 Jai^l l ^j^j £-a a£jJo!3 « ^\^a\\ ^-^^(Traceri) ^j^j^ ^ j^VI o^*-!j Footprinting Jl ^-jU^j q# £-aaJI 

Aja. jJ 4£jjual3 4 jUiltA^l CjLa jjuj^)3I £»^J (j£-aJj .Footprint a L 0 ^ ^ j A^aLaJi dujJjVI A^juJ ^-9 JiLaJ 4_Lj^J| £>i& ^jli .t fl^Jl 

(FOOTPRINTING) ^ <> Oifl! 

cjUjIx^j c (target's network information)^*^ 4^J> c> £^ Footprinting il ^ujjlt lJI^aVI 

iiiis J^Lk .(Organizational information) 4 *ki^ t ^ CjU jk* j t (system information) J^ult ^k>l ^ 
AjiLj tdjl qjj^ lj a£jJo3I CjU^k Jj£ ; Ji* CjU jlx^ J j^^ l *\ tAilLLJI a£jJo3I djUjlu^ ^ Footprinting 

L_fljl^JI ^Isjl j '{j^ia ^<J1 ^Uijojl (JiLd 6 Footprinting ji*-* ^ .J j^-^ ^ja! ^Jl j ^-^-^ IP q\ j 6<JLo£i31 c <>Jaj| j 

\ ^jIc J jj^^JI <lj ^^jII CjLg jIslxJI 1^)^. ^Iaj 6<Jasl!I D^fkJIj tJL^liVI (JjjUc-j 
: (target's network information) <-i^t ^ cjU^^a]) 
; C5 jVI J-<u^jj ^Jl ^trace routingj <Whois aJojuiI jj dULuIt social ^j^) l^j^ 3 c a£jj^3I <jc- diL* jLcJI 
— Rogue/private websites — W) Jj^j^ u^J yr^ A^j^U IP ojjUc — a£j^3I cj\£jL — u^j^l ^ — o^j^ ^) 

- ACLsj (Access control mechanisms) Jj^jll ^ ^211 M - lU^ ^1 UDPj TCP Ji^t ^VjSjjjjj 
s jLUl ^jljll CjULc^ — digital j' analog ^bjiilill ^IS J — IDSes 4jUaJt jl^ — VPN points — a^JI CjVjSjjjjj 

( (system enumeration)^^ fUai- (authentication mechanism) 
: (collect system information) J^^JI <ulajl ^ cjUjk* 

- SNMP - (routing table) ^jj J - (user & group name) W uj^hj ja^II j ^ ^" . n^ l ^Uu^l 

.(Cj! jlijVI ^Lkj) system banner- ^ cJl*& - ^Ikill ^1 - remote system £jj - ^U^l ^jj/aKia 

^Organizational information) 3^1*11 & cjUj]^ 

.HTML ^jj^^^l cjULJI *^ jJI cjlgjUMl — 3 Jalall — 4£jj^3I 6 UJl — 4£jj^13 (^^jojjII jA\ 



FOOTPRINTING THREATS ^iUalyiVI <^Ul«fr <> ^21131 ^Ijjj^I 2.2 



.t^^JI <xJai<JI (jljlkV 3J jl^-ft j> 6 (Footprinting) !^n>iVl aJ^c ^^jj ^1^11 ^jli tlLLaa 

^Uaj j 6L-jl uiaJl Jjj^alij (JIa ^Uaill ^ JluiA ^^ic <>iji3l diUi jIscaII (Jjl J^-^ UJ^W^^ u!^ 6 (FOOtp Tinting) j^nnVl AjLftC 

,4_lk^ja3l 4_L^.j^ (Jj^j (jl l^jLuj ^j-<i ^^jII CjUUJ! s^c-IS o Jjj^Ujj ;^^LkJI ^LgjojIj <_£^>^V1 ^<»I^)JI CjI jIa^Ij (Jjt.uuII 

.(FOOTPRINTING) e^^^ 1 ^ cA^^i\ lM±a ^ Ui 

Social engineering .1 

System and Network Attacks .2 
jj^l^l ^Footprinting c> .3£jj^3Ij ^IkJI cjU^a iiiiil ^l^SI ^Luj (Footprinting) ^^-Sai^VI aAac 
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Information leakage cjUjk*]) .3 

Privacy Loss .4 

^ > ^alli C5 l^. j a£jJo!3 Cjl£djuj) j a J jj^a jll ^ £ <lj ^jj^l^xJI (jli t Footprinting lalujVl 4jUr. ^ s^Lai^ ^ 

.UiUii dj^ia l^Jli I^j lail^j c ^j3I jj^kll c±jl£ .(Admin privilege) SjbV! cjUjIoi^ Jj^aj ciil jLlJ 

cjlS^iJI o^iuAj corporate espionage .5 

<j!^Lk A m\ uaaJl CjIjUJI Aijjoj <U jl^-a j (jnmViH f>g (jj.uiflU.diS djlSjjuall 4-iuUJ^)3l djI^J^ill ^ja j dllSjjuJl (jnmVi 

jA\ ^^ic jjjj Uu* t jjjjuJ! 4_BUui djl aalo JpUa] ^^ic ^jjj^li ^jjjuoaLixJI ^jli naall ^ jill 11a t . ujudj .Footprinting 

4jjUaJI jiLAJI Business Loss .6 

<jajj^a>JI JL^cVl j t^^kVl ajj jjjSIVI £fll j-aJl j ciijjjjyi Jio dj\£jJo3l ^^ic jjjU (Footprinting) ^^UalaiVl ajL^c 



FOOTPRINTING METHODOLOGY £ilku-*l J-e ^jj^j/^i* 2.3 



^a^. ^ J-<ilxjj l^jj _4aIj.<\]1 j^U^aII Cy* a CjUi jIslxJI ^-<^J 4-^1^)^.1 aLjuj j Footprinting ^ ^ ^ 

^ 'Whois L - J ^^^^ j^j (t> w ;^ CjI^^^ JiLd a alia o j^U^o djUi jIslxJI ^-<^ .J^^Vl cijUi jls^j 
_L^i > ^Lujj ^^jII a alai^l! ^jc ^L<ua djUi jix-<i c>5 ic jjix-Sl <lj ciiia 4-i>.>uj^)3I CjU» jIslxJI j^L^q (search engines) t8>1 ^ ^ cJ&^u* 



djLi jIscaII ^a^. ^ <ixa 1 v^rtj liLft j t qj^ <jujali<il (jj^Ali ^jaJ .cii^JI djl£j^<i l^^A 3 Footprinting o^^j <— s j^j V j> 



Footprinting through Search 
Engines 

Website Footprinting 



Email Footprinting 



Competitive Intellige 



Footprinting using Google 
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iaJl cjLSj^ ^iJi^L I FOOTPRINTING THROUGH SEARCH ENGINES-1 

£uti} (j^ajc ^jj .^llaIUJI C5 ic diL* jlx-<JI ^jc cilia dujijyi a£jj^ Jc- (search engine) jh djl£ja^ ^ > *aj ^j 

. (Search Engine Result Pages SERPs)^JI <4ja- g& cjUL^ 1^3) jLijj ^Uill <> J>i ^ f lc JSi d^JI 

'"^''^ J - *^ cJj > ^ Lf> J^^^ Clil uala Jlxi c V^U 4_xJaixJl CjL» jlx-<Jl ^1 JJjL till ^iajujJ CliaJ! dll^ja^ (j-a ^jAslSI ( jjJaLaJl 

a£jjoi ^L^iiaV jjjujI ^Ujj ^jIj ^a.1 g &3I ^jli tCjL* jlx-<JI £>i& ^I^jjujU < internet gateway j 6 <J j^^l lSj? 1 ^ 

J _L_i.igJ| CliLdalall J CjLoj jjjall *Lail£,a jl (fireWttll) ^LaaJl (jljlaJ AjjLajll diUi^lsLSl c LSj^j jll (J-gVI ^Ijsl 

a j^-SI jj Igijjla (jc (j^j a£jjoJI LU^ ^ till jSjj (jLia.VI 

jl (clljjjjVI A^Jjul) CjLq jIslxJI i^Klni Jc <j ja»* djlVnm^ Jc JJ^xJl J S^cbaml] ^ a > ^ A ^Jjuil «S £C-gLjJ j& (Cj ^aLJl) CllaJl tilja^xi 

^jjjjl^i ^Uj ^jj dia ,4_i£jjuj!>l£3l cjUj£-<JI Sjtaj J 41a*jjoia3I cjUj£i3l Jc taLucI JjVI ciiaJI Cjl£ja^<» c_ uL mLs x^^A l_j j > nl ^ Jc 

J <C JJUdJ (JxluHl l^U W^l A A^UA JjLolXi/^JjJjl^i/Lljl JJOlJ-<i 

t fliajLo jl jLauJl ULuiaSI j - gala o l_JUl!I ^JjjUslSIj (j^J^ / ; lilall (3^^ CjIAiLoixJI ^jjjllsu (.5^ £tJ^Jl (jia^>su 

L— La ill djl^^a^i .(J^a jj^aJU djl^^a-x»j dujJjVI a< ^;-' ^^^ic L— La ill dil^^a-xi ^ - gakj La Ullii C— La ill djl^^a^i L— Lj laJI ^jc 

d iLuajujjaH 4_ila-xJl CjI^JjoJI Ja.b Clia-Jl J-a^ (jj> ^» jUaj ^^Ic (J^jLLujj Ig-i-aj 64_ia3Ll!! jj£Isl!I <£jjaJl ^^ic CjL» jIslxJI ^jc ;^ S-^J^^ 

# 4_j^^)i3l Ajj^ajaJ! L-lb ul jaJl (>— la ia3 4_L^a_jaJ! Clia-Jl djl^^a-xi L»l # dijl jljj ^5! 
(JtIulS .l_J jll j>» jl 64^a-jJa3l CjLLiJI ^cl jSj t4jjlia.Vl CjIc A\ ^glc 4_a.LL<Jl CjLLiJI ^)iaj Ljajl Clia-Jl Cljl^^a-xi (J^asu 

„ jJdJ ^jjj^a^i 1 folio f>JLi ijf^^J J*^\ (Jjj^C ^^ic ;CjLixijjl jaJl (Jj^ia (jc Clla-Jl djl^^a-xi 

VJli^ail iiSj^-A (J^Sjj I^a 

(crawler/spider/robot)^j^^l 

L_La.l^3l Ljaj! ^<iL^)i3l 11a ^^jojJj tlfoiaLjay ( ^ ° 1 ^ ^W^V (Spider) ^ j;^ ^<iL^)J Clia-Jl djl^^a^ ^a^ajjaaj 

V j .Ifoia (Meta tags) ^h^^ ^b^^ cjLj!^ iiLjaj ^l^jaJ ^11 (keywords) ^LiiJI cjUKII j 4 (title)^*i^ 
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.Email Footprinting j Website Footprinting ls j^Footprinting 
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Microsoft 

From Wikipedia, the free encyclopedia 

Microsoft Corporation is an American multinational corporation headquartered in Redmond. Washington, that develops, 
manufactures, licenses, supports and sells computer software, consumer electronics and personal computers and 
services Its best known software products are the Microsoft Windows line of operating systems, Microsoft Office office 
suite, and Internet Explorer web browser. Its flagship hardware products are Xbox game console and the Microsoft Surface 
series of tablets. It is the world's largest software maker measured by revenues 14 - It is also one of the world's most 
valuable companies. [6] 

Microsoft was founded by Bill Gates and Paul Allen on April 4. 1975 to develop and sell BASIC interpreters for Altair 8800. 
It rose to dominate the personal computer operating system market with MS-DOS in the mid-1980s, followed by the 
Microsoft Windows. The company's 1986 initial public offering, and subsequent rise in its share price, created an 
estimated three billionaires and 12.000 millionaires from Microsoft employees. It is considered the third most successful 
startup company of all time by market capitalization, revenue, growth and cultural impact c Since the 1990s, it has 
increasingly diversified from the operating system market and has made a number of corporate acquisitions. In May 2011. 
Microsoft acquired Skype Technologies for $8 5 billion in its largest acquisition to date 

As of 2013. Microsoft is market dominant in both the IBM PC-compatible operating system and office software suite 
markets (the latter with Microsoft Office) The company also produces a wide range of other software for desktops and 
servers, and is active in areas including internet search (with Bing), the video game industry (with the Xbox, Xbox 360 and 
Xbox One consoles), the digital services market (through MSN), and mobile phones (via the Windows Phone OS) In June 
2012, Microsoft entered the personal computer production market for the first time, with the launch of the Microsoft 
Surface, a line of tablet computers. 
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o 

NetCraft - 

http://news.netcraft.com 
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FIGURE 2.5: Google Maps showing a Street View 
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People Search 
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http://www.whitepages.com : j^-a^ll 
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.AJJ JJ^Vl ^ ^^alaaV> *LiL^ 

<Jj3 j-G til jSjuj &J^j UJ^ J' IDS lS^*-*^ UJ-^ JJ^V^ AjjLul-g j 4-in3 *Lllu*aflJ <laJj^ S-LlJ ^1x^.1^31 ^ajflj jl j£-<uJl j-a 

Jj Lia. L5 j\j c _^j3I ajjojLojVI <— it j^Vl j' Footprinting Sjj ^ s^c-Lu^ L*j ^jq^l j£-ajj . (admin)^-*^^ J j^-a 
t IPjIjk^ Jia ^3 jJt jc CjUjkxi cilj^aj (NetCraft) ^ stal ^ I^IujL .browserj telnet « Jj*juS51I ^Lfej ^ L_ii^ 

Ia jJC-j 6 ^IXjouII ^aUaj (Jj \ <a1 9J j (hOSt Of the Site) ^ J-^L (Jjlnn^all c fljjJa^ll t^Ld jJl ^jojI J^l (illLi ^jl jjc j J^joiaII ^jojVI 



^LcJIj aj^ jill CjI^VJI < L^j dii^ : (sub-directories and parameters) c^l^Jlj jA\ CjI^JI (3 

/ ' a ^''-"^ gaj ^Lijl URLs j - ^^ u^jLc- a la^,^ 0 cJ*^- cS^^ 3 

.SQL injection L^aja ja jj jl£ lit U jiaall ajLxj ^^UIojVI jl ^^UIujVI a*j CjLLJI s^IS 
^j^j* a1 j^-udj _^t]| '(.jsp) '(.asp) 6 (.php) l!^ ^-^o^^ t ^I^Lftl j-* s^cLoi^ ^ ;cjLj£jujVI a - ^la (5 

jjjLcj L_fljlg_I! ^lajlj ^LjjujI (JiLd CjL» jIslxJI (JL^jVI l) j > ^ ^'^ '"'^'^ L» S^lc iCIVIS <Jj > ^ ^ j JL^jVI '--jLLj ^6 
Jij ^HiJ 4<JUJI £>i* J .Ci±3j£jojVI CjUL Cjblildl pU^I J^l j-o U^jL£ sjIcI (_> URL u^jL«J ^^"p :(CMS)g-«^ 

.dujj^jajVl c aL> <j^alo ^j^j] l!^^ L>^ -^L>^ 
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tibjjj L)jjU*il (Zaproxy< Owasp< Firebug' Brup Suite Paros Proxy etc) <> f l-ai^l 

(connection status and connection-type) JL^V! JL^JVI aJU - 

Accept-ranges ^ cjtalkdl 
Last-Modified information <b*>J! s j^Vl cjU jl^JI 
X-Powered-By information 
Web server in use and its version l^sl J^-ajj ^^i^JI ^Ij^ 

Burp suite ^ 
http ://portswigger.net 

screenshot j ^ aC - j g^alaH ^ o^l^c] <9j^>ia ^-^j^ j lSj.^" 1 ^ I^a ^ SjL j <j£-<ua ^j^aLkll ^ix^al<JI 



tLrp irtude- rtceat=r ^rjo^ 



■i ■ 11- 



Hfluc idliyii H i 



annt rtOrig C3j, nay mi mmm «my innmi r>*»fy *n i^psrrwv nunj' > pi,r it»»m 



htp Jli-jstfl- i**n-L<irri 
f»F y&oircn r*0t.e&nn 
ft* ^sficnci^oreotresr-i 

rip j1 rro.ncc*i in 

i It » ijfi J icdnir 

I l|_ j--. ii i.JTi-I icdnjn 

Hp ■te rras imnJn 

hff:j*irrfl&5.i«njr 

fit wOLl iKW 

l-lp Jl-artc rackl r.arn 

flp.J^a.ingfF.mail.variac.tc -i 

ftp AkK csii-ch ■ednecr- 

i-1p j'a.v.-^ spp f r-im 

:l ■ \- - ■ .m'j.v..) i 
g li. ■■■■ J -^o ■ ■ I : ■ 

T ._J rjv_comncn 



**■ rip: Jhww rKJLccn 
f ftp-.Swtf redlmaji.ccm 

n 

a- Hp .torn. w3 Dig 




BTTP/L J. 200 CC 

D*tt; m, so Jul ;oi" u 

. ; ■ .- : 

■T ■ p -i_ : jfpf lica:ic2,'s -jBSfaaczipc 
IlILtta. Tte, Id Jul ~nj:2 DBjilii- 



Serwec : H-ecowatc-TIS.'c-D 



Firebug 
http ://getfirebug.com/ 

CSS -S monitorj debugj editing c> <^ j^j^ <> j^jfljjli uujlt ^ciuala ^ sbVl ^ Ja*j 

^1 s^jJI JavaScript j HTMLj 

„ JjLuuJ) ^Usj j iai^ ^Lu^Lj AIaP ^ Xojju 4JV JjsLuu]| ^la^ J-asu ^jjhMl lift ;4Ja j^U 

<iUj| 6(spam)<^>^^ cJj^- jll ^ ^1 jj ^^ji I J^l>il3 ^13ij (spam emails) <^>J1 ^jJl j JLu> jj o° 

^l^kjjajU jj^JI ^jJI l^j^ 3 (^(location) ^ j-^^ ^5^* jj^^ ^-^^ •^c^j ^ill j li^V aJI ^jj ^>v^ jjoj 

jUlkl ^jc (jJ jiauJ! A-ullc. .iiUi Uij 6<J j^3l j <jV jll j ^jjAxJI (Jio djUi jls^ (j^H ^ajl ^ ^ dj (fiill jeMailTrackerPro 
djllulaj jlkl jUlkV Firebug ^l«^Luit ^WTi l_a jjoj ^^iLjaijV (j^^xiai^ j^j^^ ^ jj -0 ^ y * I j^^-^j c3^j^*^^ 

:c5 J fl£ [https://getfirebug.com] (e^ 1 ^ 
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Firebug 


- Mozilla Firefox (Private Browsing) 






° ^ 


O Firebug 












<- © Ai. htt getfirebug.com 






x El - G 






Crystal Dashboard- Eg... ^3 j^iij-o uSJu-i. 


<JI EGX 30// Certfied Hacker ^ etradej^jjl 


<ju (((((ocg J5J g j« ? T... O Free Online OCR - con. 


. □ ». Ol-Cisc 


o Certified N... 


j Free online OCR HO] Free Online OCR - Con... » 



What is Firebug? Documentation Community Get Involved 

Introduction and Features FAQ and Wiki Discussion forums and lists Hack tr>e code, create 



Firebug 



Web Development Evolved. 




The most popular and powerful web development tool 

Inspect HTML and modify style and layout in real-time 
Use the most advanced JavaScript debugger available for any browser 
Accurately analyze network usage and performance 

Extend Firebug and add features to make Firebug even more powerful 
Get the information you need to get it done with Firebug. 

More Features » 



Introduction to Firebug 




Inspect 

Pinpoint an element i 
with ease and precisi* 



Log 

Send messages to the console direct 
from your webpage through 
Javascript. 



Transferring data from getfirebug.c 



Debug 

Step-by-step interactive debugging 



II 



Analyze 
Look at detailed 



Layout 

Tweak and position HTML elements 



tiLuAij ^ill jl^aVI jti^j l_a jjoj aI^lL ^ill ^jjjll 3j*jj^a jj ^ill j Install Firebug -2 



jt 


Download Firebug : Firebug - Mozilla Firefox (Private Browsing) 






o || Iff || 23 


Eite fictft View Hijtory Bookmarks 


looks bk»P 

ma 








A https: getfirebug.com/downl 


oads/ 






p * * * - 


[_] Crystal Dashboard- Eg... 0 lS 


juuloJI EGX 30 Certfied Hacker etradeJ^jJI JjlWt (((((Cj£ J5J eJn? T... © Free Online OCR - con... 


[□ ► 01 -Cisco Certified N... 


; Free online OCR Q 


1 Free Online OCR - Con... » 



What is Firebug? Documentation Community Get Involved 

Introduction and Features FAQ and Wiki 



Firebug 



Web Development Evolved. 



Download Firebug 



Firebug for Firefox 

jj^g Firebug 1 .12.6 for Firefox 27: 
Recommended 

Compatible with: Firefox 23-29 
^^^^^k Download , Release Notes , New Features 

Firebug 1.11.4 

Compatible with: Firefox 17-22 

Download , Release Notes , New Features 



Firebug 1.10.6 



j^jjUj 4^aUJI add-on ^^^» ^ ^ *\\*<\ aijj / ^ill jl^aVI download ^ >^.l ^j^aj -3 

Firebug ck^t ^jSj ( ^install now ls jfr^j ^ Add to Firefox > ^ i> ls^ j 





Register or Login I Other Applications — ITI QZ 1 L I £1 V 

Welcome to Firefox Add-ons. Choose from thousands of extra features and styles to make Rirefox your own X 


"A" » ELstexksions » Finelrug 






by Joe Hewitt, Jan Odvarko, ro"bc5ee r Fi pel > i ii'.Wt) r ki nr.G rouj > 

Firebug integrates witlx Firefox to put a wealth of development tools at your fingertips 
while you browse. You can e< 1! t „ debug, ancl monitor CSS. T 1 ' 1 TvT f., and JavaScript live in 
any web page... 


l,6ll user reviews 
2,96^095 users rtfi 

f=1 AiAd -to eolle>c*i<in 
Share this Add-on 
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^VtS ^Ujlt oj&\-i CjIj^VI Jajj^ c> cW^ ^rKll ^Firebug 3 <jjLVI ^ Jaa.iU CiuSslI ^ *1$1jVI aju -4 



^^^^^^^^^H | J5& Private Browsing 


M 




- C 


i 1!1 


v 4* ^earch or enter address 












What is Firebug? Documentation Community Get Involved 

Introduction and Features FAQ and Wiki 



^.Firebug 




Web Development Evolved. 



The most popular and powerful web development tool 



Inspect HTML and modify style and layout in real-time 

Use the most advanced JavaScript debugger available for any browser 

Accurately analyze network usage and performance 

Extend Firebug and add features to make Firebug even more powerful 

Get the information you need to get it done with Firebug. 

Mnrp Fpatiirfts > 



Source Firebug Lite Extensions 



Introduction to Firebug 

Firebug pyroentomologist 
Rob Campbell gives a quick 
introduction to Firebug. 

'■Vatch now » 




More Screencasts > 



^1 : 



Console HTML ▼ CSS Script DOM Net Cookies 



<> Edit body#home html 



J] Style » Computed Layout DOM 



<!DOCTY?S h 
B <html> 

9 <head> 



body { master.css (line 26) j 

background: url ( "/img 
/bg-grad. jpg") repeat 
scroll 0 0 ♦SFSFSS; 

color: #333333; 

font-family: "trebuchet 
ma" , helvetica, aana- 
aerif ; 

font-aize: €2.5%; 

} 

html, 
body. 



reset.css (line 6) 



j^j Netj scriptj CSSj htmlj Console cjIjjVI <> isy^t ^j^?l -^j^ c>\ ^ -6 

Firebug J^j[http://www.microsoftxom/ar-EG/default.aspx] c^j^jjIjU Jl -7 
lil^ j*\ jV L_flj^xj3l ^^ijj cJ^j^ jj' tdiijj£ja: ULaJU (j^aliJI j-*ljVI jiajuj till Console panel -8 

jJI <> cJJ^j j .U3U <^ j^JI lUi^JI 6 jl&| ^ ^i]| HTML/XML ^ HTML panel -9 
CSS ^j*-* ^4* tW^' s^W^ .DOM s Jc CjUJU^J! ^i*^ Ljajl o^^s 'source code^ 

(internal URLs) 4_iLkUI ^jjUJIj (source code) J-£jVI ^lj£l JS* cjUjkJI ^^xj t*U ^ panel^ jl j^l 

aLLouj .tiAjjajVI Jc- 3^g»^ l^jta ^jII HTTP jjj^t <jsIj-q £>i* ^> c5^hj1^ lP 3 ^^ Net panel -10 

.ei^JI c_jjj3I jjjL i^jU^i ^ ^j]| round tripj respondj request c^^' 
_^JUJI A ^h^W l ^ uJaj ^1 cookies ch 3 ^ Cookies Panel -1 1 

https://getfirebug.com/wiki/index.php/ 

(HTML JljS! o*ai) EXAMINE THE HTML SOURCE CODE 

(jj! jill cjILLuII ja jj .Uj^j lg^.1 j^l jl CMS (J^jia (jc Loj Ia jUij] ^jj (^^(coninients) <^^jWl\l AjuIIg 

jl (web admin) ^j^V^ ^f^ 1 ^j^aj ^ > ^ II JL^ajVI J^^-^ j^j^ ^ I^a C5 i^. .AjilkJI ^ cJ-«*j Ui tili^cLouJ 
^joij 11a .cjULJI ^Ikj ^Inj cJ^.1 c> t (image tags)s (links) -Wjj^ . (developer) jj^J^ 

. (SCrip t)< te 5 J ^ a ^ ^x»Uji3l J-oxj (^ill A-iij^l Ij^aa] CjUUj Jl^^l .4_iikxJl CLjULJIj Ch\ lla Jl jc lAJ^IU till 
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tJ^jPer^jQ Source: Microsoft Egyp... 

D Save O Apply Changes 



• utf-8 ' /Xmeta 

/Xscript type= 1 
ipt ' > / • < I [ CDATA [ • 



/ 



< : DCCTYPE htmlXhtml xml.iB = ' http : / /www. w3 . org / 1999 /xhtml 1 XheadXir.eta http-equiv= - X-UA-Compatible ' content= 1 IE=edge 1 /Xmeta 
narr.e= * viewport * content = ' width=devioe-width , initial-scale= 1 . 0 ' / Xlink rel=' shortcut icon' href = ' / /www . microsoft . com/ favicon 
j avascript " src= " http : / / a j ax . aspnetcdn . com/ a 3 ax / - Query / j query- 1.7-2. min . j s " >< /script Xscript type= " text / j avascript * language 2 
( S ( document) . bind( "mobileinit " , function ( ) { S .mobile . autoInitializePage= I 1 } ) , navigator . user Agent . match ( /IEMobile\ / 1 0 \ • 0 / ) ) |var 
msViewportStyle = document . createElement ( " style * ) ; msViewportStyle . apper.dChild( document . createTextNode ( " @ — ms— viewport {width : auto ! 

important } " ) ) , document . getEleme.-.ts3yTagName ( ' head ' ) [0 ] . appe.idChild(msViewportStyle) } / •] ]>•/< / scriptX script type= ' text / - avascript " src= " http : / / 
a j ax . aspnetcdn . com/ 33 ax / 3 query . mobile / 1 . 3 . 2 / 3 query . mobile— 1.3-2. min . j s " X / script X script type= * text / j avascript * src= " http : / /www . microsoft . com/ library / svy / 
broker . j s " X / script><title>Microsof t Egypt I Devices and Services< / titleXmeta name= ' Title ' content= ' Microsoft Egypt | Devices and Services' /Xmeta 
name= ' Description " content='At Microsoft our mission and values are to help people and businesses throughout the world realize their full potential. 
Xmeta name= ' MscomContentLocale " content= ' en-eg " /Xlink rel= ' stylesheet ' type= ' text /ess ' href =" http :/ /c . s— microsoft . com/en-eg/CMSStyles / style . csx? 
k=eb892833-0e5a-b8c0-2921-57013ef 132d9_dl5defd2-43e0-6ba3-d84e-6c8d7a3f732b_6ef 15c9b-6136-76b5-5bde-4d498caa5717_2c80eldc-20c4- 

d477-7a0b-59cb225b0433_b9a4dca0-043b-8cdb-db33-eccf0a88a46c_fc29d27f-7342-9cf3-c2b5-a04f30605f03_af82085d-e91c- 
c2ae-6ec9-24eo3fb77aaa_42385393-1568-0ald-5f22-b6eddel7fe2e_265c26ab-43c8-f7c6-5269-387bocf69822_512edd68-496e-4736-4747- 

al57b9f76588_ef 11258b-15dl-8dab-81d5-8dl8bc3234bo_650874df-77fa-bd8f-528b-el875b587a3a_332bf8cl-lc97-197f-de55-fc02oeb6996f_8031d0e3-4981-8dbc-2504- 

bbd5121027b7_910faa83-c85a-8949-2b2f-5ea4ddf777da_aebeacd9-6349-54aa-9608-cb67eadc2dl7_0cdb912f-7479-061d-e4f3-bea46f 10a753_c9ba3028-2a39-dd6c-0bdd- 
bedfca9429e9_f27e7614-5ae4-06f0-0c08-0b6a57d45b69_190a3885-bf35-9fab-6806-86ce81df76f6_b49c7dd0-de08-164b-4c99-6b8d22eaa012" /Xscript type='text/ 
javascript' src='http: / / c . s-microsof t . com/ en-eg/ CMSScr ipt s / script . j sx?k=5 1 7a7087-9636-e078-8b 1 3-a 1 73049 1 92 f 5_83a 1 f 942-eaea-dba0-33 1 d- 

aa6f 17e466ba_b29ba48c-2143-ba78-dd85-b375247f9d08_c62a314c-abfd-3082-b087-ae76b3e2aba6_49488e0d-6ae2-5101-c995- 

f4d56443bld8_0faa2be8-2e50-59c7-7a5b-2ee59edffbel_38aa9ffb-ddb5-75be-6536-a58628f435f5_e3e65a0a-cl33-43e7-571d-2293e03f85e6_4ca0e9dc-a4de-17ba-f0de- 

dld346cb99e2_06310cd8-41o6-3bll-4645-b4884789ed70_5c27e8aa-9347-969e-39ac-37a4de428a8d_643c5f01-el72-5f6c-9369-6632e484c73a_cf866ad6-0a3d-of96- 

b6be-21be37fa7430_5f504ba5-214a-0828-90ec-36dd9c343c0b_cf2ceca9-3467-a5b3-d095-68958eee6d4c_8c8be2fc-d64f-68bl-c04f-86433b07a6b7_ec5fa2c9-3950-ff57- 
a5c3-lfa77e0dbl90_dl9f9592-65df-boc9-e30e-439b875c3381_fe6cl0f l-65ea-fef9-30b3-ff6536bd82de_odf20e43-7f50-5e8c-4e0a-4cbl6b90fala_aa6b4bf0-f7bl- 
aeee— lb 1 8 — 39cdl 1 a08cb2 " >< /scriptX /headXbody class= ' mscom— nonj s mscom— hp— theme— layout ' Xdiv class= " row— fluid" data— cols= " 1 ' data— viewl = ' 1 " data— view2= " 1 " 
data-view3= ' 1 " data-view4= 1 1 ' Xdiv class= ' span bpO-col-1-1 bp2-ool-l-l bp3-col-l-l bp 1 -col- 1 - 1 ' Xdiv id= ' 1 0 1 f c55e-06e5-ba37-7 f 4e-c384eb4a673f " Xdiv 
class= ' CSPvNext CMSvNextComp mscom-alert ' X /divX/divX / divX / divXdiv class= ' row-fluid' data-cols= ' 1 ' data-viewl = ' 1 * data-view2= ' 1 ' data-view3= ' 1 ' 
data— view4= ' 1 " Xdiv class— ' span bp 0— col— 1 — 1 bpl — col— 1 — 1 bp 2 — col — 1 — 1 bp3— col— 1 — 1 mscom— fullwidth— view— 1 ' X script type= ' text / j avascript ' src= " http : / / i . s — 
microsoft . com/library / capi / wt_capi . j s ">/•<! [ CDATA [ • / /•]]>♦/</ scriptXdiv id= ' ctlOO_HeaderControl ' class= ' CSPvNext CMSvNextComp mscom-header ' Xdiv 
id='ctl00 HeaderControlGrid " bi : type= " header " xmlns : bi= ' urn : schemas— microsoft— com : mscom : bi ' Xdiv class= ' row— fluid mscom— container— maxwidth mscom— grid- 
container mscom— fullwidth— view— 1 ' Xdiv class= " row— fluid mscom— header— row— 0 ' data— view4= ' 1 ' data— view3= ' 1 " data— view2= ' 1 ' data— viewl =" 1 ' data— cols= ' 1 ' Xdiv 
class='span bpO-col-1-1 bp 1 -col- 1-1 bp2~col-l-l bp3-col- 1 -0 mscom-textalign-right mscom-header-storelink-section-topbar ' Xdiv id= ' E343C833-5E0A-4F9F- 
A809-33C3C90843C1 ' Xdiv class= ' CSPvNext ' X /divX/divX /divX/divX /divXdiv class= " row-fluid mscom-container-maxwidth mscom-grid-container " Xdiv 
class= " row-fluid mscom-header-row- 1 ' data-view4= " 2 ' data-view3= ' 2 ' data-view2= ' 2 " data-viewl= ' 2 " data-cols= " 2 " Xdiv class='span bpl-col-2-1 bp2-col-2-l 
bp3-col-2-l bpO-col-2-1 macom-header-section-l-rXa id= " 847 lb248-f 90c-4075~a2cb- 1 327a8270f 7e " target= ' _self ' class= ' mscom-link mscom-siteLogo mscom- 
sitel-ogo-small mscom-hide' title= " Microsoft ' href =' http :/ /www . microsoft . com' Ximg id= ' 903566 1 4-be4c-47 1 1 -ba08-6ef 847ab095f " src= ' http :/ /c . s-microsof t . com/en 
eg /CMS Image s/ms logo . png?version=856673f 8-e6be-0476~6669-d5bf 2300391d' class= ' mscom- image mscom-left' alt= ' Microsoft ' width='160' height= ' 34 ' /X/aX/ 
divXdiv class="span bpl — col — 2—1 bp2 — col — 2— 1 bp3 — col — 2— 1 bpO— col — 2— 1 mscom— header — section— 1 —2 * Xdiv class= ' mscom— header — section— 1 — 2 — 2 mscom— right ' X / 
divXdiv class= ' mscom— right " X /divX /divX /divXdiv class= ' row— fluid mscom.— header— row— 2 " data— view4= ' 2 ' data— view3= " 2 ' data— view2= " 2 " data— viewl =* 2 " data— 
cols= - 4 ' Xdiv class='span bpl-col-2-1 bp3-col-2~l bp2-col-2~l bpO-ool-2-l'Xa id= ' f 2833bf 2~4c29-4a42-a757-4f 7a87f 5aced' target= ' _self ' claas= "mscom-link 
mscom-siteldentity mscom-hide' href="X/aXa id= ' E126630F-A45F-4262-8E8C-1F855E345231 ' target= '_self ' class= ' mscom-link mscom-siteLogo mscom-siteLogo- 
large ' t it le= ' Microsoft ' href = " http : / /www . microsoft . com' Ximg id= ' D4F87365-C346-40F9-8458-56E05A09932 1 ' src= ' http : / /c . s-microsof t . com/ en-eg /CMS Images / 
mslogo .png?version=856673f 8-e6be-0476-6669-d5bf 2300391d' class= ' mscom- image mscom-left' alt= ' Microsoft ' width='160' height='34' /X /aX /divXdiv 
class='span bp3-col-2-0 bp2-col-2~0 bpl-col-2~0 bpO-col-2- 1 ' Xdiv class= " mscom- right mscom-header-section-2-2 ' Xa id= ' da7eaf 64-bd59~405 1 -be6a-80d6be82793e * 
target= "_self ' class= ' mscom-link mscom-header-navtogglelink mscom-show-navtoggle-text ' href =' /en-eg/default . aspx?NavToggle=False ' bi : track= ' false ' Xspan 
class= " icon-menu' X/spanXspan class= ' screen-reader-text ' >Menu< / spanX / aXa id= ' 439eb91 1-bf 35~4c9a-bf 2b-939ee55727b2 ' target= "_self ' class= ' mscom-link mscom 
hpaHsr- agarp.htnirnlpl inV hrpf=' /pn-gn/Hpfanlt . aanT'»fiparr.hTonnlp=tTiip' V»i : i-T-a<-.fc= ' -Fa 1 a«» • X.nan a aa = • -i <-.r»r.-a«»a T-r-.h • X / attanX ana n r.Ua^'.r.TPw-rparfpr- 

ID * O 



ui <aj _l$£ jLujj \ $ li* u^j ^ L ^&\ ^j^j] (server)^^^/^-^ AJauit jj \ > ^ j ^1 <^^(cookies) dial* <j-*a^i 

. jj£ jSII cjUL U jjc^j (sessions) dl jj^ t> i-L^ii&H ^(script) 2^ 



Cookies 



c 



~M3 



Search: 



The following cookies are stored on your computer: 



Site 


Cookie Name 




t> l_ \\ y.o ne.itnpact-ad.jp 






t> | J) yadro.ru 






1 lb yahoo.com 






I I yahoo.ccm 


RMBX 






Name: RMBX 






C 0 ntent: Qt5-41 h Wfj g 9SSib = 3&Ls= 3g Bdt=41 






Domain: .yahoo.com 






Path: / 






Send For: Any type of connection 






Expires: Thursday, February 11, 2.Q16 10bO1:O"7 PM 







Remove Cookie 



Remove All Cookies 



CloGe 



MIRRORING AN ENTIRE WEBSITE 



<c a s^cLuuj iiUi ^jj q\ (j^-AJj #C5 i^aVI ^3 j*Jl (j* ^ ^ u1 " 1 *Ij&J A-ilxc j& ; (Website Mirror) ^tj-*Jt ) j-a 

CjUij^a tdjhU^l 5il£ ^Ujj <c*L ^UJI ^U^l dujijYI j* J^aJL t*U CjI jjVl ^ j1 jjVl c> 

,t*L o-aUJI jj ^SLll/^LaJI t> cjUIJI <> U jj^ j jj^ill cjUL tCjUi^ill t jjjuall ^HTML 

iJHM ^tjilt (> JjJxi) ^fc ^jlau (Website Mirror) 6 ^ 
.(offline) Oi^ jt jll ^ ^1 jJl ^LJI <> (l 

.(website clone) ^ ^LuiLxil lU^ 



(2 
(3 
(4 
(5 
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(£\ja1\ ^LuuIl-I ^ 4^^1ul4]| Cj(jjVI) Website Mirroring Tools 

HTTrack Web Site Copier ■ 
http://www.httrack.com : 

ajUJI djULJI U jjc^ j jjj^all j HTML diUi^ Jc J ja^JI j tCjhK^l 4il£ *Ujj t b U« Jc <>» lW^ 

c> ^ua! .(Site's relative link structure) y^^' -W jj HTTrack .4? o- 3 ^ j^^^ jW 

£3* ^<JI (j^ajc Jajlj iajlj ^ ^3 j-<JI j ttiL <j^aLiJ! ^ aldll Jc " website mirror v ^ill ^3 

■D-DOS f j^* c^JI j HTTrack Sbl ^ iJiiyiL jSftfl Jp <> J^l£ gS ^ ^ku lJj-uu Ua 

•luMl ^U3I j^ki <Jc Viii^l -3 



Win HTTrack: Website Copier - [New Project 1] 



File Preferences Mirror Log Window Help 



H- Local Disk <C:> 
EE] ■>— a Local Disk <D\> 
B-i PJ jana <E:> 
EEK ^ rnteba <F:> 

HP_RECOVERY<G:> 
E -tJ^ DVD RW Drive < H:> 
El-i-j^ CD Drive <l:> 



Welcome to Win HTTrack Website Copier! 
Please click on the NEXT button to 



- start a new project 

- or resume a partial download 



HTTrack website copiei 



Open Source offline browser 



Next > 



Help 



Ready 



.^j^jU! 11a new project ^jj^ next iai^jalb ^jij -4 
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H 

File Preferences. Mirror Log Window Help 



WinHTTrack Website Copier - [New Project 1] 



Local Disk < C:> 
EE -^J Intel 
g] jy PerfLogs 
\±\ •• Program Files 
\t\ Program Files (xS6) 

FT1 swsetup 
[i] l£l Users 
[j] -Jy Windows 
F±]-- , , Windows. old 
I Q END 

j HPUP1O00_P15O0_Series1.l 

setup.log 

g] i. — -i Local Disk <D:> 

\±\-\ <_o jana < E:> 

EEl--^ „, mteba <F:> 

H P_REC O VERY < G : > 
DVD RW Drive <H:> 
\t\ CD Drive <l:> 



Project name: 

Project categor/: 
Info 



"3 



Type a new project name. 

or select existing project to update/resume 



|C:\My Web Sites 



1 



J 



J 



Help 



J 



Ready 



i r 



^jjj^j 4_& lJj^ ^ill ^j^j Jaxj Base path Project name ^ ^jj^uJI J^j -5 

;4JU3! 4_JjLi3l laSa next 1 u<< p5 .ciiliLall 

Win HI I rack Website Copier - [jana.com.whtt] — m 



File P referen c 



Mirror Log Window 



Local Disk < C:> 
Intel 

PerfLogs 
Program File:: 
Program File; ■' x? c •■ 
swsetup 



m 
m 
•j* 
m 

t . Windows. old 
END 

■ I j HPLJP1 000_P 1 500_Ser 

-■ I "j setup.log 
, Local Disk < D:> 
, jana < E:> 
OOOO 



m- - hts-cache 
j^ll backblue.gif 
fade. g if 
index.htrnl 



- Mirroring Mode - 

Enter address{es) in URL box 



Web .Addresses: (URL) 



I Download web sitefs} 



Add URL.. 



http ://www .certrf iedhacker.com| 



URL list (.txt): 

Preferences and mirror options : 



< Back Next > 



Help 



I r 



u^^j Action cS^^ 3 CP" A b*^* ^^>^ ^ A *j> ^ o^^j Add URL > ^ j - *^ l^-^ -6 

l^JUll <^Ui3l c^^jj ^1 j Set options ^» > iaL t*Ui j ^^l^ cjtal^j ^l.ikU Ljaj 

H WinHTTrack 



MIME types 
Proxy Scan Rules 



Browser ID l_o g . Index.. Cache 

Limrts Flow Control Links 



I 



Experts Only 
Build Spide 



1 



Use wildcards to exclude or include URLs or links. 
To i_i can put several scan strings on the same line. 
Use spaces as separators. 



Example: :zip -www . 



.com -www. 



.edu/cgi-bin/*.cgi 



I 1 *-" gif. jpg. png.trf. bmp zip. tar. tgz. gz. rar. I--" mov. mpg. mpeg. avi. asf . mp3. 



Exch 


jde 


link{s>.. 




Inck 


jde 


Iinkfc3>-. 



-*.js -ad.doubledick.net/* -mime:application.4oobar 
-+-~.grf -+*.jpg -n*.png -+-~.trf -H*.bmp 
-•-""".zip -+*.tar +*.tgz -+*gz +*.rar -+-*.z -i-*.exe 

-i-*. mov -*-*.mpg -a-"* mpeg +*.avi -+*.asf mp 3 -i-*.mp2 +*.rm 



"Tip: To have ALL GIFfiles included, use something like -i-www .some web .corny"**, gif . 
t-H*.grf / -~.gif will include/exclude ALL GIFs from ALL sites! 



| OK | Cancel | Help 

j& La^j L* Ia jjc. j (Limits) Jj^'iN aj ^ j^ui^l! fp^l aja^j j ^^-^ jjJl 4^vfi^l ^I^VI <j-a ^ -7 
.NEXT JaaLJaj ok J**^ ^ ^tull g- 1 jjVI ^ j ^ cr^ 1 CLjU1a31 t ] ^ c^ 31 J Scan Rules 
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WinlHTTracIc Website Copier - [JANA.COM.whtt] 



Log Window Help 



, Local Disk < C:> 
, Local Disk < D:> 



FH- ■ jana.com 

l~l i . jana.com 

rh— hts-cache 
;—• f^] backblue.gif 
j j^] fade.gif 

index, html 
r^] , . New folder (2) 
rh operating system 

FjH- Security Co rase 

I±l- , . Unix Shell Scripting Adv 
r±]-J^ VingadoresCbox_H©.Vi 
[*] VMware 
RH , . wireshark 
j-.-T^ 01 241 041 34_Wi resh a . ep 
P^l bookmarki-2014-02-10. 



E.i=-5 s z.-s;: ::--5:l c = ■e- ^-.s :- - - ■= : e ■:- -: ■■-= - I 
-i press FINISH to launch the mirroring operation.; 



Remote connect 

Connect to this provider 



| Do not use remote access connection 
I Disconnect when finished 
I Shutdown PC when finished 



sfer scheduled for: [hh/mm/ss] 



■r - " Save settings only, do not launch download now. 



CAP 



. Jj-aaall 4_Lalc FINISH kinVi £ LjA U£ A-ijJaljjiVl dibl^&VI J ^J&"l ^ 3juJLua11 o^A J j*-a jll -8 

Site mirroring in progress [2/30 (+261 1210495 bytes] - [J AN A. COM . whtt] - 



File Preferences Mirror Log Window Help 



El Local Disk<C:> 
El- i — a Local Disk <D:> 

\=\~\ gj jana < E:> 

OOOO 
El- jana.com 

|=1- jana.com 

El . hts-cache 

, ( hts-log.txt 

1 backblue.gif 
fade.gif 

^ index.html 

I H J AN A. COM. whtt 

[^] , . New folder (2) 
El - operating system 
F^l- • .JU Security Corase 
El ijjj seven 
El- . Unix Shell Scripting Adv 
£]- , . VingadoresCbox_H@.Vi 
El VMware 
fil- • | . wireshark 
' -TJ 01Z41O4134_Wiresha.ep 
hnnlfmarl(<:-?014-0?-10. 



Parsing HTML file.. 



In progress: 
Information — 

Bytes saved: 1.15MiB 

Time: 1min42s 

Transfer rate : 1 E. S5Kj B/s (6.76Ki B/s) 

Active connections: 4 



Links scanned: 
Rles written: 
Rles updated: 
Errors: 



2/30 (+2S) 

26 

0 

O 



scanning ww.certifiedh...ages. s zieshcv: 

receive ww .certrFiedh . . .ages/slideshow/slide-3 .png 

receive -vw .certrfiedh . . .ages/slideshow/slide-1 .png 

receive -vw .certrfiedh . . .ages/slideshow/slide-2.png 



SKIP 



SKIP 



SKIP 



SKIP 



SKIP 



SKIP 



SKIP 



SKIP 



SKIP 



SKIP 



jj j^l ^j^j Mirror Operation complete J^^i ^1 ^ ^ J ( ^ t j c> *1*2jVI ^ 

.<L^j U <j^j*j ^jiJ Browse Mirror Website 

H Site mirroring finished! - [JANA. COM. whtt] - l= 



File Preferences Mirror Log Window Help 



B--^ Local Disk <C:> 
a Local Disk<D:> 

$"LJ j ana <E;> 

ijl- i . 0000 
E]- jana. corn 
El- . jana.com 

H- . hts-cache 

LJ] hts-log.txt 

backblue.gif 
fade.gif 

|»j index.html 

i H J AN A. COM. whtt 

j . New folder (2) 
B3- | . operating system 
B3- . Security Corase 
r-g-J^J seven 

[jl- |. Unix Shell Scripting Adv 

[jl- . VingadoresCbox_H©.Vi 

H- VMware 

B3- , . wireshark 
| -TJ 01241041 34_Wiresh a. ep 
! Pi hnnkrnarks-?014-0?-10. * 



Mirroring operation complete. 
Click Exit to quit WinHTTrack. 

See log file Is) if necessary to ensure that everything is OK. 
Thanks for using WinHTTrack! 



Browse Mirrored Website 



; Rnish 



Help 



i i r 
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: — # apt -get install htt rack 
Reading package lists. . . Done 
Building dependency t ree 
Reading state information. . . Done 

The following extra packages will be installed: 

libhtt rack2 
Suggested packages: 

webht t rack htt rack-doc 
The following NEW packages will be installed: 

htt rack libhtt rack2 
G upgraded, 2 newly installed r G to remove and 574 not upg ra ded 
Need to get 415 kB of archives. 

After this operation, 1 , G95 kB of additional disk space will be 
Do you want to continue [Y/n] ? | 



root@j ana : ~# mkdi r mywebsites 
ot@ j ana : ~# cd mywebsites/ 
a : -/mywebsites* | 



jit HTTrack .non-interactive mode <^ jll ^ jl interactive mode <^ yfi ^ HTTrack u' 
o±*-> ^UIj^j I^jj ^3 . Jl Jj^ll ^u-a c$l ujA? httrack JjjI* c> t*Bi fijj interactive mode 

httrack >»VI <j\& t*Ui ^ non-interactive mode J 4 fo £d Ul ^jjj ^ill ^j^i3 3J^V( 



,<J A > <al \l AjjUlkVI £J > (j-a (_^l 4 * in ^aJ 

: JVl* interactive mode j^ajJI J httrack J^£j ^ 



a : 


~/mywe b s it e s# htt r a 


ck 




Welcome to 
Copy right 
To see the 


HTTrack Website Co 
(C) Xavie r Roche an 
option list, enter 


pier (Offline Browser) 3.46- 
d other contributors 
a blank line or try htt racl 


i-libhtsj ava .so .2 
<l - -help 


Enter p ro j 


ect name :| 







janateba ^ u^j [Enter project name] £ ^1 ^ ^ i^lia <_Jki J jVl s jkiJl j! 

Enter 



Enter project name 


: j anateba 




Base path ( return^/ 


root /websites/ 


> I 



jH^j jjoj mywebsites ^ a\\ JjS ^ UjLijl U£ .<LklAj ^ ^ ^ jjuj ^il! ^1 jblkl s jia^JI 



Base path i 


return^/ r 


-oot/websites/ J : / root /mywebsites 


Enter URLs 


[ sepa rate 


id by commas or blank spaces) :| 



I^VIS www.certifiedhacker.com ^ u^j ^j^ ^J 15 s^j^^ ^ ojIaaJ! 




Enter URLs (separated by commas or blank spaces) :ww.certifiedhacker.com 



1 Mirror Web Site(s) 

2 Mirror Web Site[s] with Wizard 

3 Just Get Files Indicated 

4 Mirror ALL links in URLs (Multiple Mirror) 

5 Test Links In URLs (Bookmark Test] 
Q Quit 
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:^Vl£ Enter c> 



Proxy [ rsturn=none) : 

You can define wildcards , like: -*.gif +www. :+: , 
Wildcards [ return=none) :* 



>m/ :+: . zip - :+: img_* . zip 



You can define additional options , such as recurse level [ - r<numbe r>) , separed b 
y blank spaces 

To see the option list, type help 
Additional options [ retu rn=none) :| 



^1 jj^j Enter iai^jalU ^ jij 
^jjj fn< lij tilli Aau .Enter ^ cjULJ! ^1 ji\ Ls i*u * j^*^ s-^ ^ ^l:^ >; cs-^ ^-aLJI £ ^^L^ ^ 

.Enter ^ V ^ ^uaLjal djbl^l 



1 Additional options 


[ retu rn=none) 








> Wizard command 


line : htt rack 




;e rtif iedhacke r . com -W -0 


"/ root/mywebsite 


s/janateba" -%v * 










Ready to launch the 


mi rro r? (Y/n) 


1 







l^Vl^ ^cjoull I^jjs Enter ^ Y j^-^ ^cjouI! 4jUr. aJj l^j l_a jjoj ^^il! lLjUIaslSU ^a^L <iljl±klj ^jli Enter c^-^- 1 ^ uVl 



Ready to launch the mirror? (Y/n) :Y 

WARNING! You are running this program as root! 

It might be a good idea to use the -%U option to change the userid: 
Example: -%U smith 



Mirror launched on Thu, 06 Mar 2014 19:43:06 by HTT rack Website Copier 
tsjava.so.2 [XRSC0'2Q1Q] 

mirroring www.certifiedhacker.com :+: with the wizard help.. 



'3.46+libh 



:-# Is 


mywebsites/j anateba/ 






hts-cache 


para . llel . us 


backblue . gif 


hts -in_p rog ress .lock 


www. certif iedhacker . com 


certif iedhacker . 


com hts -log . txt 


www. w3 . org 


fade . gif 


index . html 




:~# | 







SortOftfcne Ptofwswnjl 2 1 I 



^ ^ IS 



■J 0 ■< 




JuggyboyQuettloi the Rules 
♦ + 


■ 





SurfOffline ■ 
http ://www.surfoffline.com 

iJaa^Ij (ill ^<uujj £L^li^)J! ^L-jjjll (Jj^^j] SurfOffline 

Asu ,tiL (j^aLkl! Cijiyi Q*aj{a\\ CjLa^a Jj^^^J cJ-*^^ ^ ^aII 

ojUjcIj SurfOffline tii^oj a V^lm^l j-J3 



^2. 



0 lo»M 11 



cill ^jolj jja^I ^U-a . (Export Wizard) jj^^I ^I^IojI 

DVD u-jS 
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BlackWidow ■ 
http://softbytelabs.com 

^ILai ^al jA\ j ij j $.1 (jx* !^£3 ci±jjiijVl ^^Jc j-J3 ^ jjja ^juL* j& jjoJ! 4L*jV l)BlackWldow 

WebRipper ■ 
http ://www.calluna-software.com 

Caj jjjVI WebRipper 
<1jU Jj^j ^ cUu b& .(Internet scanner and downloader) 



D-lODlHx| glijfl 



mSift 



WebRipper 



-^1 j (spider-technology)^j£^ W-A^WebRipper 

4^jla l^ijjjajj 4^Uua!>1! SjjUI CjULJ! tilli ^jj j^*JL CjIaL^jVI 

bandwidth ^c-Ljal t . nyil ^-i>.>ujj3I s^jLi <^i31 iajl jjJI Jj^'i 



Website Ripper Copier available at http ://www.tensons.com 

Teleport Pro available at http ://www.tenmax.com 

Portable Offline Browser available at http ://www.metaproducts.com 

Proxy Offline Browser available at http://www.proxy-offline-browser.com 

iMiser available at http ://internetresearchtool.com 

PageNest available at http ://wwvv.pagenest.com 

Backstreet Browser available at http://www.spadixbd.com 

Offline Explorer Enterprise available at http ://www.metaproducts.com 

GNU Wget available at http ://www.gnu.org 

Hooeey Webprint available at http ://www.hooeey webprint.com 



uL^jV! gjAjO&Cy* fiM CP cLk^LA EXTRACT WEBSITE INFORMATION FROM 

https://archive.org/ 

* Mj* ^ .(Internet Archive Wayback Machine) ^ cjULJ jo 6 jLc jA(Archive) uaj^jSfl 

£3 ^ jIj *nj ALo djl^jjaJU 4_j^LkJl C! il ^ q > jc CjUo jlx-<Jl (j^asu j till ^-^>.>ij _Lo ^ jc. <ijaijj>Jl CjI jl^^Vl 

> ^<JI ^ Igjl! j] c _^j3I djLd jIslxJI ^I^jIojI tl^jjl^j cjS j ^ CjLaij^a www.archive.org 



rt: Archive Wayback Ma< 



uiauDacumaciiine 



http://microsoft.com 



BROWSE HISTORY 



http://microsoft.com 

Saved 8, ISO times between October 20, 1996 and February 5, 2014. 

PLEASE DONATE TODAY. Your generosity preserves knowledge for future generations. Thank you. 



.IL.L 



19 20 21 22 23 24 25 
26 27 28 29 30 31 



25 26 27 28 



20 21 22 23 24 25 26 
27 28 29 30 
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(MONITORING WEB UPDATES USING WEBSITE WATCHER) fiJ^M ^\ja fb&iyAj ^11 atijjaS i^j 

http ://www.aignes.com :j^a3I 

jl l— lj iaj ^ q}\ cj^j LoAk. _4_ijtalill cj! jjjjuIIj cAip^ill Jc J jj^a^Jl jA\ ^inl (Website Watcher) ^ 4-^ - ikiujj 

iSlb 

, A > ofll J a £3 1 j-q (J^a^a (Jj^ia (jc A > ofll J a 4.1 ^jLi La jjlj <jl till ^jjj j& 



•;_-*«» loo* 

T, r»| 




Ofc. KWMtMd 4»ew*m«* 2012-C7-IB- lw^-yii 

ok HCfl-n-ar n->* 

Ok. phpU p»o< - 20(1-10-07 I 



We*!,ite Wwrh** □o^iMfj 




Sim r tnfu 



L>own»o*fJ WebSite 'Watcher 

W«e53tTQ-'fV«|-Ctw4.42 II kii 3031 




*t» wt n« mil l r»»- iMbng L»or »■ WebS4« W»*=her *ot ir<t*l tf 



(EMAIL FOOTPRINTING) ^U-W ^ ^IJ^W ^5UiL«VI cjU*P-3 



[TRACKING EMAIL COMMUNICATIONS] <^J>*W! ajjJ! CiVUoSI £j22 



^aaajudAj ^ jjj^IVI ^jjJ^ cJj^j j <ii!^>* til^cLaij ^ill l_j jLujVI (Email tracking) c^JJ^V ^J^' M 

jjjj j jl ^ ^jjIj j c£j (jc < digitally time stamped c> c> ^ .CM** 

.Paraben E-mail Examiner j eMailTrackerPro ^ c^jj^V ^J^' 4^ <^ 
.^liauJt ^ ^^kiauJI ^^UJI ^ jj Jj^. djUjk* jSjj ; proxy detectionj^jil u Li S 
fjj ^jll j >i ^Jj ^ 4JI aJUj] ^ gjill ^jj^V 1 Ajj^I :(Forward Email) t^jj^V 1 -^J^ 1 ^J 2 - 

^J^)Ja ^jC j}£ > >ij 6AjAaj 
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(COLLECTION FORM THE EMAIL HEADERS) yhjSty Cmj^ <> *Ujk»il 



.lift Jxij jl «J t aj< ^jjj^IVI .IjjJl 3JLuij C*U J^JJ (J-a^J! a3 V w ^ 6J^LJI tiL^ U^' '^JjW^ (J^'jC-Vj 

6^ JJJ^IVI (J^J J ^ ^ J^ 3 ^ (JjJ^ J 6 J JJJ^JVI <ItjuJJ (J^J ^1.^1 JJ^H '■^O^ *j 

t Jjuj^JI Jjj^alij C5 ic ^ jl^l ^jjjUxJI -C5 i jj^] aJLujj <J^ j^Loij Jill CjLg jIslxJI Jjjj^WI ^j^l l^j^VlhU 

SmarterMail Webmail - Outlook Express 4-6 - Outlook 2000-2003 - Outlook 2007 - Eudora 4.3/5.0 
Entourage - Netscape Messenger 4.7 - MacMail 



D.liv^«r~d To. ■■ ■ ii j Plie+gm^ll.oo. 

Received: by 10 . l 12 . 39. 1<7 with 3KTF 
Fri, 1 Jun 2012 21:24:01 -07 
Return -Path: <|gMnptnui^ui 1 . com> 

Ro c« lved SPFi paaa ( goog lo.c ran : domain of 



The dddrvb^ from which 



sender) client- ip— 1 D . 22 4 . 205 -13"/ 

it ion P^ault3: |xr .g-cgle.conv^ ^i.^ Sender's mail server 

i; .224.20&. 137 as permit CM 3€M€f! I?ft 
header . i"-jp#b^ejp»n*a I gnu i 1 .ecu 

Received: Iron .nr. qoogl9.com ([10.224.205.137]} 

LZI ■■• -v i . ,v ,- - - 



DKIM-Si 




Sender s IP address 



>psignato3 10.224.206.13'' M pomttod 



n of *^«hfl«nul9Mil . ecu designate* 
nw dJcln-pass 



Date and time received 

by the or igi ru tor 's 



it ijm * 1 1 . cxm/^w— iuTzTTTTT? 
h— mim- versions in -reply- to ir*/ 

: cont«r.t- type; 
hh-Tcun Pb4t i 7gfQ34*jhh70kPJk3c*Tt/ iACl 
b-KguZLTLfg2+QZXrZK«xllfnv!lcnD/<*-r4*Nk 



= D* 




Authentication system 
I by sender's 



! tO 



K5 ZAf Y Zmk I k FX ♦ V JL2q j 7 YOF* y 6oH cuPl € yS / C2 fXHVcUu Y «nHT /y«e vhCVo 90y7 TKt € 
/Kr w 
MIME-Veiaiyn; 1.0 

Received! by 10.224.205.137 with SMTP id t q9y *in i6 at «» i i 10 i na t>llOI0318 1 
Tri, 01 Jun 2012 21i24jOO 3700 (TDT) D^^ndfrn^ol 

- . ll wait, anu urn*, or . 

In-R. CAOYWATTl^JDXE 4!Vpi2^^H message wnt ■twnl..... 

assgRVn O-CM j c<j t gX ♦■U f 3 »_ 1 1 2 e y 2dXA I»a 1 1 . gma 1 1 . oost> 

I 

i r- ^^^^^^^^^^^^^^t^m^^ < m «0»«wgpa»rma#^HMiil .com 

- c ; TLmSMBde s f u II n a 



■■■00 (PrrT) f Aunl 

■RLil.qnail.ccr^ ^ 



ique number assicnr 
by mr.goofle.com to 
I entity the message 



ec#ybj 



(Email Tracking Tools)tr 2 Jj^WI ^1 5^2 cjljji 
6 (Sender identity)J juj j- < ^^ j!*a1I j^^nl j ^ jji&W! < ; till ^joij ^ jjjSIVI ^j^l^ c_jisu CjI j^I 

^jc Ai^jjaiAll <^]ai<J! * Aiaji a.a^1^.a1 CjUi jIslaII d^a ikiLuji aj .tdli L»j 6(Jjuj^<JI ip ^jl jjc t (niail server)-^o^ 

^jjuoll A! > nj jjj^IVI ^jisu CjI j^I ^jAslSI j3 jJJ ,<lifkll jjJ^lV! ^^1^ cJj^j cJ^jj 

jJ&N\ Jjj^I vSaul S Jl£ ^Vinn ^11) Cj) jjSf) JJS JiP Lu£ j 

eMailTrackerPro ■ 
http ://www.emailtrackerpro.com : j^-aJt 
Ji* CjUjkJI q^xj L-LiSjj ^jjjilVI aijJI l^jjj c5^^ cPjj^V^ ^J^^ L_ia*j sbi eMailTrackerPro 

L^l till 

.ui^Jt jifi i n^ t 4, <u 1uuj ajj ^jj-UI jjjj ^ (j nmVi ji A^jl [email tracking] ^jjKWt jjjJI 

cjV j^aJI j mj^ j^' ajL^j! ^^Luj Uiajl j 4d j jj^l)M ^jjJI ajjj till ^jii eMailTrackerPro 

aIjaJ! ^j^j <jlxua 6 (Email header) J jj^V^ ^j^l J *^ J J 31 ^ J 1 ^ 1 ft^^ ci^j^ c> j .(SPAM EMAIL)* j^li 
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j^va runtime (> *\"*" ^ 4_iLgjlII £>i& <J!^. <jl ciujiull j ^aLkJI wizard sl^VI *>i& c_ ujjj a \ 



;4_JU3I 4^Li3l j^-kia eMailTrackerPro <j^f^ <A*f" ^ .3 



File 



eMailTrackerPro vIO.Ob Advanced Edition. Trial day 1 of 1 5 



My Trace 
Reports 



Settings 



Export Rules 
Trial Edition 



New Email Trace 



Welcome to eMailTrackerPro version lO.Ob (build 4116) 

Delete Rule Subject 



No mail to show 
Sender IP 



No email accounts have been set up 



Set up an account 



Preview Email 



Rules & Filters 



Add Rule Add Filter 

White |( Black II Filters I 



M. + 



For 24 hours only you can get up to 20% off eMailTrackerPro! Click Here 



c_a jjoj ^1 j (set up an account) ^ jj^V^ ^J^' cs* ^ oaUJI l-jLu^JL a CjULj ^^ja j ^1 ^ JaA.5U .4 
^ (* v^ .. n ls^j Trace Headers J j ^j^j j^Vl -^j^ ^ Ja^!^U .tl^V <A\ (jjkij 

Visualware efvlailTrackerPro Trial (day 1 of 153 B 



Corrfjgure_ | Hejp | About 



eMailTrackerPro by Visualware 



I Want To: 

Trace an email I have received 

A received email message often contains information that can locate the computer where 
the message was composed, the company name and sender's ISP Cmore.inf o) . 

CZj Look up network, responsible for an email address 

An email address lookup will find information about the network responsible for mail sent 
from that address. It will not get any information about the sender of mail from an address 
taut can still produce useful information. 



Enter Details 



To proceed, paste the email headers in the box below Chow__do_J_fjnd_the_headers_'?^i . 
Note: If you are using Microsoft Outlook, you can trace an email message directly fror 
Outlook by using the eMailTrackerPro shortcut on the toolbar. 
Email headers: 



I.1H.1B7.1D1 wLth SMTP ±.-± itE c=p3 63 3 Ldc; 

1G.50.12B .3B with SMTP i_-zL r_J_SaiirE ^5C76C ijcjfc . 3 ? . 1 3 &3 5 G C PfO ^fE; 
? Pet 2D14 C3 : 31 : D-B -D-B0-D (PST) 

i-.l -lin^-VaT^ail w^rvrt fnl - 1 -i .-i^--> =i — ^-ti=i -i 1 r-r-.-n fTfl Jf? 1 ^ 1 "l 



Cancel 



Jaijjaj Enter Details o^^\ ^ aiJU ^ill q*\ j j Trace an email I have received .5 

.Trace 
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« 

File | Help 



eMailTrackerPro vIO.Ob Advanced Edition. Trial day 1 of 15 



Trace Trace Email Setti 

Headers Address Accounts 

New Email Trace Configure 



Export Rules 
Trial Edition 



Home |[ Subject Top presentat... 



All traces complete 



Trace Information 



Subject: Top presentations on SlideShare this week 
Misdirected: Yes 

From: donotreplytjf'slideshat ernail.com 
Sender IP: 74.63.202.74 
Abuse Address: (None Found) 



Previous Traces 



HTML Report 

Subject From IP 

Top presentation donotreply@slidi74. 63. 202. 74 



For 24 hours only you can get up to 20% off eMailTrackerPro! Click Here 









ii Email Metrics 


•wuanMirMiiM , 




















Mp« 1M 








Opm Odta 


^ 0O0X * 000 \ 10COOM 
















• WW 






MMMI 






M ■ ] 








1 1 1 1 1 1 1 1 1 1 1 1 1 » 1 1 1 1 t 1 1 1 » 1 





E m ail Lookup 



Free Email TwacY*LGr 



luicnl: Honh Amen 



IP Addr 



Organ i z Atii 



*2 7257. 



| — ~" 




PoliteMail ■ 
http://www.politemail.com : j^^t 
fcM* j* j .Outlook g^^jJ c^jj^V' sbi PoliteMail 

tl g a^a ^aJ ^^jll <Lj jit (j-a ^1 j ciL (j^aLklt ^O^t ^li (j-a J <Lol£ (J J > rol aj 

ajjJI ^SLojj *L&] cilj£ <Lj .Ajj^all t*Ui J Uj ojbiU 4-L>l£ 4^taj ^LuijVt jbl^t 
^Iijujj UL^o tJajl jll Jc jiJU L_ala J>JI ^IS tit .^jjl&lVt •AjjJt liA 

Email Lookup - Free Email Tracker ■ 
http://www.ipaddresslocation.org :j^^> 
^ilt ^jjjilVt ^jjJt sbt Email Lookup 

(jjjtj (JjI^J (JjJ^Ia (jC (Jjoi^JL ^aLklt JP (jt ^JC ^*1^J 
^gj JJJ^lVt AJ^>Jt (Jj^I j ^cjoij jjJ^lVt ^^>Jt 

.U.1JJJ ^t diU jl*^3t 



Read Notify ■ 
http ://www.readnotify.com :j^^Jt 
s^lftl jt ^iilt ft^t jt ;4^isuj ^ilt ^jj^Vt ^jjJt ^ia dj^. tit ciU^U tillij .^jjj^lVt ^jjJt ^ ^U^k till jSjj Read Notify 
cj5 jj ^cjjIj j 4<JLaj^)3t ^iLuax a!A£ (Jj > rol aj (JiL<i djUi jlx-<Jt (j^axj till ^jjj ^ jjii^3Vt -i^>Jt ^iiil Read Notify j^j^ J<s^ mi j1 

,^^.j-<Jt (Jj > rol 9J j ^jjatLJU ^aLkJt JP ^jt jjc t^i j>Jt jjj^J ^JaJ^k t^llLdl] ^t^scaJt J>Jtj <!Luj^)3t 

DidTheyReadlt ■ 

http : / / www . didtheyr e adit . com : j^-a^ll 
.^L^ J ^^13 s i gn U p £\ jiiVI ^ ^^^^ cJ^I i> v JJ^V 1 ^ > DidTheyReadlt 
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L^jt u' ^J 2 ty < Jc- . ^tLu^M jjjjUVI jj Jl u'j^ J) " .DidTheyReadlt.com" AiUiaj J) £ 

6 ja Jj£l^ j <(ellen@aol.com.DidTheyReadlt.com) JVI£ jl jjJI l_jj£3 tdjli tellen@aol.com J) J jj^I ^j* J 
^iij Jc Jaxj sbVl . j jj^IVI Jj Jl jl J] (.DidTheyReadlt.com) a^L^U U ^jj J ellen@aol.com ^Jt^JI 

Jjjj^lVI ^ Jl (j^J^ 3 ^Jf^ (j-alaJl Aj Jl ~ jklud^ll ^jflj bl . JilUll 4_njj jjJ ^ILklb lgl> u jj jll Jjjj£3VI Aj Jl 

<!Lajjl3 ^2fl cioj^ ^ jll jl_L*13 Jl jx^JI ^<JI till jj^j ^j <LuJI j jjxluil CjS jll j* ^Sj iSJLuJI ^tja ^j* <jl tiL <j-aLaJI 

TraceEmail ■ 
http://whatismyipaddress.com : ja^JI 
Ja2a ^Ij^j . j jj&IVI jj Jl oj jjj Jj bUU j jj^VI ^ Jl c> j^^Jl IP u' TraceEmail sbVt J 
J j JjLj jLj aAc Jjj^a^il (Get Source) c3j* j^I ^ l^jjj^I £0* J ^ j^lo^ l Jjjj£3VI jj Jl j* J^lilU jjjjjJ <3*-aIj 

^ jj J t-ib J j J^V' cJjI^j jc- ^-aj^ll Jo SjJall J jj^VI O^J Jj^" V .^cjUjJI j J jj^Wl 

jl ^jiajjflj sbVI *>j& B gc. j-<JI jjjJIj ciin^J! Jjjj£3VI aj^>^I J AjuLuj jjjii-^iyi -^>^ &jj j*ll o^jj^ 6 ^ .*Oj3^I 

ojj^ Jiiiuvi jLulo j jjji&lvi aj Jl jj Jl Cji &iLa/^i 

MSGTAG ■ 
http ://www.msgtag.com : ja^JI 

U^jc cilj^kj Jllj (read receipt) Wj^ j^j jllj jjjjUVI jj Jl ^jjj Jo jjjjjj <jjj cjb sbi ^MSGTAG 

t * a j - taJ ^lxAjjjII |j& ,^1x3 t^L <j^aLaJI Jjjli-^lVI ^^>^^ (JjIjujj d^IjS ^aJJ LdAjc A > <a1 ^ j tiL <j^aLkll JjjJ-^lVl ^^>^^ (JjIjujj ^JJ 

MSGTAG A <i3j±k2 4j1I ^ jjjSII jjjj a1L»j ^ MSGTAG^ jj^V' ^ ^ f Ltu ^ jj^V 1 ^ ! 4^ 

Zendio ■ 
http ://www.zendio.com 

Jl AjljiL JIlJI ^jIj jl ^j^aj tiLi^lcU ^ajL 6 Outlook AiUiaj (jc ojUc j j jjii^Wl Jl (j^Jaj j& Zendio 

■Jjj*^ 

Pointofmail ■ 
http ://www.pointofmail.com :j^^l 
cill ^jIjj tdjli^LJI 2^H3j *4^Lui J ^IIolaII 6^IjS j ^ > >ij a j jjii^lVI Jl 6^-lja j ^!>l-Laj| Jj Pointofmail.com 

Jlj d^I J3U ^IS JjJ^V^ ^^)^^ (J^^^ ^3J^^J 6 Ji^l a ^ CjU» jls«-<» JjJ .aJjujjaII (JjLujjII jl l!^'^ 

.cjIjU^VI SMS lJj^- Jj Jj * Jjj^V 1 ^j^^j 'tf^ 1 -^^jJ^j 

Super Email Marketing Software ■ 

http://www.bulk-email-marketing-software.net :>i^J! 

Ujliti 6jj_L<JI J jjli^lVI Jj Jl jjjUc 3il£ 3JI jj ^23 .HTML cj^^j J JJ^V^ ^J^^ lS^^j j o^^\ £y* cJ^ j^j .u^j^- 

J j J Ja^a J JJ^V^ JftLall Jj J J JJ^V^ <!l^J Jl^j] ^JJ .(JJJ Will b^ ^l^klojU 

t(j^j < alo Jj JLoajVI J C-JJia jll JjLojjII (jc !)Ljaa ^I^jj <Lujj>JI JjLuj J Jjjli^lVI Jj Jl jjjUc Jai^j . Jjjj£3V1 Jj Jl 

Microsoft Excel ^ J TSV 'CSV 

WhoReadMe ■ 

http://whoreadme.com : j^-a^ll 

jj Jl JjI^j j jl a j^a ^1 ^jj3 jjSj J j jSSlJI . Jtull ^jouIU UUj J jj^ jjljj . J jjj^JVI jj J! jjjj Sbl ^WhoReadMe 

^JJJJ ^aj£j <j| ,(JjaJJ-<Jl (Jj3 j-d (JjoJJ-all JjjJl ^JSJ ^JJjoixJI ^ajflj 6J-G j£ J <JjojJ-<J| jUakj ^aJJ \ £ J^XJ (_^J^>J ^Jj A-!juJJ-<JI J JJJ-^VI 

,^JI tl^jVlja j JjLojjII J^jj (j^j SaaII j ' CSS^^ M1<1 'Active X controls ^j3I ^i^L<JI j ^t_>.*>ij3I ^Uaj ^ jj JiLd doUi jIslaII 

GetNotify ■ 
http ://www.getnotify.com :ja^JI 
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-JIolaK qj± djIjUxkVI J^jj .^o^ j £^ (filial I ^jlj Lft^jc IjUakl Jjujjj jjjSJVI *ijjJI c_jisu shl GetNotify 

G-Lock Analytics ■ 
http ://glockanalytics.com 

jjjlli m \^Lji J axj ^jjjilVI ^jjJI JjI^ jl U lJ^xj cill ^joij liA .^jjjilVI ^jjJI £±2 ^ G-Lock Analytics 



In Gmail 

icPVIS Show Original j^j g^VI c^- ^ > ^ J' Jj^l a*j .<Sl^ jll j^^x^ 



YouTu b> c -=: n o re ply @V ut u be c o m >■ 
o me - 



Mar 5 (2 days ago) 



Arabic T 



Translate message 



You 



Tube 



j a n a have you seen these videos? 

Here's an automated list of some of the most popular videos on You 



Reply 
Forward 

Filter messages like this 
Print 

Add YouTube to Contacts list 
Delete this message 
Report spam 
Report phishing 



o 



Show original 



Message t e>ct garbled? 
Mark: as unread 



In Hotmail 

lajfl <!Loj^)3I ^^ic ^jjj jUJ3 (j-<^VI iaxjJalL ^ jlj 3JLoj^)3I QjA\rtA ^^ic <J j^^JI j Gmail c-j^ La l!*^ 

.view message source 

In yahoo - 

: C5 jVIS view Full Header V* <^ta k» > ^ More s^^h 



HD Delete 



rvi o ve ■— • 



Spam 



More 



I 



Facebook 
Face-book 
Faceb ook 

Mohamed Ab da 1 la K 
Facebook 
Shahiya. corn 
Facebook 



LjldTHany 4 
J : ,LjRamy I 
ujjj 1 1 ■ i Ra my I 

jaLcMohamc 

JbjAlkhw; 
jUM o h a in e 



View ■ 



rvl a rk as Read 
IVIark as Unread 
Star 

Clear Star 
Print 

Filter Emails Like This... 



View Full I 



>ok Hany Goda LxLblHany GodaLd 
•ok Ramy Esam »±Jj L»ij Ra my Esamjj- 
Ramy Esam ^jLiiRamy Esam^JI I j_ 
Ed Abdallah,j^b ; 

)k Moharned Rafat ^Lsirvloharned F 

Ip. -3-- -ijj ^jJCSJil I I uljj I O JlJfa + J^-^-^cjLi 

' at facebook lLI It j Al khwa rizm i C 
■k Mohamed Rafat ^l^Mohamed F 



4:23 PM 
12:57 PM 
1 2:04 PM 



,1ar S 



Online Email Tracer ■ 
http://www.cyberforensics.in/OnlineEmailTracer/index.aspx :j^JI 



\ Resource Centre for 

^Cyber Forensics - India 



Online EMailTracer 



cone 



.tJjua jA\ ajj^S ^jjj^IVI ^jjJI sbl yt> Email Tracer 

Jjaj^ll aIA^ <Jj > <al 9J laxJj jjj^IVI ^^>^l C-H'J 
Jjoj^II ^^ic Jjii*iJ AjjojLojVI 3 laiill ^^jI! j tIP (jl jjc (JLo 
^Jl 4_xi^kJl ^a^Ld (Jj > ak\ qlj t^J^)Jl ^^Lk 4^J^)Jl <lsuj| C^iJl jIjoixJIj 

c5 j 1 ^ <J\ U ^1 ^ jj^V^ ^J^^ Email Tracer 
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^jjJI tSj^ ls* .l^j-^^ ls j/^ * j djUi jlx-<JI ^ s jjj jj <jl jjj^IVI ^jJi (server) ^ ^qU/^^l j^J 

djlg^. j-<JI j ajU^JI ^jlj^a. <JLg ^ ^aLiJI s j^VI <j-« £y * j>j (external traffic) ^j^j^JI jj^>^ > ^ 

<j^ ^JaS ^ 'l^ ^ ajjj .iiL 4_j^aLk!l CjI^jJoII <Jk.b (jj^j La s^tcj t^l^Ut jl^aJI '(routers) 

u) .(calc.exe) (.exe) jl (.bat) *'j^ jjc. Ji l^L ^ l$j^ t^jj^V' Alh J-^j] j* yHJJ^V* Al>^' 
^jjJI ^Lk cilLj Igil t^^JI 3 Jala!) Jk.b j ^xJI t A>^l^l ^jjjilVI ^jjJl ^Lk <!Lojj JLuijj j& <!UJI cJ^JI 

.<Lojj]| (J^aSj >h ^aJ <j* j 4^ jjj^IVI 

^jlaxJ ^-Ij^ImiV U3 ^ajujJ ^^jll j m( ^J jjj£3V1 ^^>J^ (J^ JJJ '^^J \->~^ ^ ^-<ft.>.>iJ Ai^JjauJl jjJ^3Vl ^^>^^ ^a^l^ ^jll <JLojj J j 
^J^)JI AjjL^jII 3^^1sl!I jl ^\ m ^ L - J ^ J^'^ J ^]j IP cl^J^ c ' ^ 6 cP JJ^V^ ^^)^^ <J J^- Aj.t.»Lt.»Vl CjUi jIslxJI 

.exploitation phase <^ ti^^ V **** j^^ j'^b IP u^j^ ^ .gHJJ^V^ 



(A^ilH]) cjljbi^VI) COMPETITIVE INTELLIGENCE-4 
(AjjIjUHu-VI ^U>a1I COMPETITIVE INTELLIGENCE GATHERING 

.A-ljudfll ill I AjjUkjjujVI CjLd jlx-<Jl ^a^. (jia^xJ ^jjjuJI 6j3 jlxJl CjIj^VI ^jAslSI ^jj 

.A-ljuafll \\\\ djl jUkjjojVI ^-S^ J^ ^-^J^V^ ^b^luiU A£jjoJ| CjUjSj j 4^jjjuoaLL<Jl 6CjL^1L<JI <J ja. CjLg jlst-xi ^^ic <J j> <aaJLj b^ L_ a^>xj 
oi^ A a)\\a\\ ^^ic JJjJ (^31 ^Jl 4(jJ^jj-<Jl j ^^^slSI j \ gjl aala (JjlaJ ^jC Uiajl (j^3 j (jJjuaa\_L<Jl (JjI^J ^jc JaSS ^jjjJ 4 jmM llH dj| jUklujVl 
m ^c\lx^\ ^jjjjud^jl! j\ <jj^ja3l J^Lk djiij (^^J S^jujLiA 4_jj^i3l 4_i^LJl <3jjoij 4JjIL» \ qaxaAi Jk.^j jjc. (j>»j <Lib (jj^J ^ jUtII 
Jjjoj I^t ^ J^^J ^^A 3 ^ <^-J^ j1s«-a31 ^-Ia^j f^lc (Jasu L^ij ,4_i^.jLkJl jLftcVI Ajjj c _ 5 ic ^^jaLiJj cJ^joU j^J^ ^IaslSI o^A 

^ .Intelligence ^ ^ tS^io dbaJ Cjx^ ^\\ <£\ jUkiaaVI cjU jk-JI bj <jU ^CI professionals ^ ^j 

Cijjjjyi < te5 -ic cjUuji jic-i jSj tCijjijVi La ill dji^^p^ 

.< - gallj tCljl j-gjj>JI ;4_jjL^j3I Cj!)1^<JI 
^^^Jall (J*jj] ^1 jal L_fljJa jJ ^ JSI cA-jjl aall 
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?*jjki lJAs ? [WHEN DID THIS COMPANY BEGIN]*S>^1 • 3* ^ V«auai cjljbilutfl 

^J^J Jc ^cLoaJ .^ill jjQ^j 4_iaJ^)Jlj A^UjVI (JJjud^J Jc ^cLaaJ l^T ^aJ jll ^jjjoialixJlj *L*aLaJl ullj ^jlj jll £Aa. 

:gr L Ul CjUU! 





he-res is it J J JT , uu-*. 1 1 



H owv dtd it 

lop ? 




Who leads i 1 7" 




?(When did it begin) 4£>ill JU 

<-<il^JI CjU» jIslxJI 4(jLia.VI o^asu J .Alistxi a£jjuj dbouojlj JiLd tl^jLA^. (j^-GJ Jll ^jjIjj ;4jjuoaLii3l CjIjU^jjojVI cJ^-^- 

?(How did it develop) ^jj^ uL£ - 

(J^lcVI ?<£jjudll £>i& <Jij I^I^JjojI ^aJ jll 4 alia all CjLl^Jjl jlalVI Li .4 m ^ ^JJ^l J 4-9^>X-aJl 1,1a. jlLdll 

?(Who leads it) li* j & ^ill <> - 
^.uili^l J ( jl jail ^iL^a) s^jI jll /Ml ^jc Ju^lqfll ^isu J La a^jj^ diL* jLcaJI icLoij 

?(Where is it located) tej£A\ &\ 

£>i& ^I^jjujI <lj .A-iJudfll nil CjI jU^jjujVI <J^-^ ^t* ^ ^ j^^" j jj* t ^ <jj^all <»— ili CjU» jlx^Jlj a£jjoJI j>» 

# <jj^jill 4_ia»Jj| jIojI ^Uil AjjuoSLlill CjIjI IsJLujVI <j!^La. (j-a l^t Jill CjLg jJjlaII 

.A-luuSUj AjjIjLaIi ul CjLa jixA Jj-ua^Jl £jj a Iajj oaII J&Luij Jll CjLj jl*-all Ij UJ^ lt^^ J^l j-aII (j^axj Lu£ 

EDGAR ■ 
http ://www.sec.gov/edgar.shtml : j^-aJI 
.EDGAR J^^- Lij jj^j JI£juj) j tAjjjJI jjjliiill t Jj-> uull dAiUj ^ll^j A\ j ^j/^VI 6djl£jJall ^-i^ 

<j^ill Jl Ci^^a JjIj jll .(FTP j' s^j^^) ^j^V^ c> ^j^h EDGAR ^13 ajJj ,n 

.EDGAR uj^ 5 V ^ 2ul*ll jJJI Jja ^ 

Hoovers ■ 
http://www.hoovers.com :j^^ 

Hoovers j^j^ ^-i^ J cjlclL^allj cjl£jJa3l ^jc <Lil£ Jjj^alij ja jj Jll ajjL^jII cj ill j^Hoovers 

4^*1\ cjISUjVI 4( w ireless)<^^i * j^Vl 6 (data feeds)^^ 31 6 ^ j^V^ c> ^jM^ JUcVu aI^A\ CjU jkJI 

, ^ - ajSVI ^i^J jll ^jjjUIIj tdjlcljj^llj ;djUJal<Jl ijp. 4_Ldl^ CjU» jl*-* ^ laatJ <j| ^ClljjljVI ^5^>^VI CjUj^JI ^ 4^jlab<Jl 4jjL^j3I 

IaII (J>isl1I Jc (J jj^a^Jl (J^.1 'Ljajl (jjlJjuiLLall a u^VI -laJ^)l CjIj^VI ^3 jJ 

LexisNexis ■ 
http ://lexisnexis.com 

tdjl^jjuall i a <ill ojbl t^jjjlill J ^iLilxll ^ni^ <ill L^a^ ^ <J jl^-j ^ jla aII <ul ^^llxll j>JI LexisNexis 

.^^IaxII J jUlft J UJ^ jL^cVI j^L^a-a j t jUa»VI J tdj^^ uill j ^JjIj jll .<i^all dlli diUi jIscaII j 4jj jjUII 5^1x11 Cj!^^ uoll 

https://www.facebook.com/tibea2004 ^uJa ^^aa^a 



64 



Business Wire ■ 
http ://www.businesswire.com 

<Lftl£ Ajjlikyi cjljJdill ^ jjj ^ <Lila±lll ^-L^aaVlj 4_ii^j^a3l CjIjAiII ^jjjj (^Ic j^jj ^^jII ^^a Business Wire 

(jjiii^j^l! ^^ic ^JlaJl s-L^il £Ja*\ (jg& 4^JjoJI £>iA JjS djUJaixJlj CjI^jjoJI L_flVI (jc S^Axlall LjI i o jll jla 4 jjj^IIj 

? (WHAT ARE THE COMPANY'S PLANS)**>^t Uak U. i+Am oljUiiy-VI 
UU-^ j dlSjJ«Jl JjxII (jt 4 nit tliLajL m ll ^fl a LAaII <-jjjJI <QlaVI (J*s*J Laj£ 



Market^ atch 



rfcLE WALL STKEhTl' JOURNAL. 



http ://www.marketwatch.com 

jUjIxJ! t JU&Vl jU^I ^SjaII j^jj .(jlj^Vl MarketWatch 



twstxom 



http ://www.twst.com 

JUJI j^j j . ^ jUaVI j^j^ S^j j& Wall Street Transcript 



UPPER MARKETPLACE 



http://www.lippermarketplace.com : j^^l 
jja jj j JjaIj ^ ^Loij (jjjaJI 4j5 jjoJI <>u£3! ^j^i3 ^a ^1 d±ij±iy\ a£i£ V jl^ LipperMarketplace 



EUR0M0NIT0R 
rll INTERNATIONAL 



http ://www.euromonitor.com 

J^l jxl\ j j djlclL^all ^jc jjjIsj <^ j .^^^jjujVI (jl jjujbl! ^UjouIU nljiujVl cj j^kJI Enuromonitor j^j^ 



Fagan Finder 



http ://www.f aganfinder.com 

j i jU^VI ^l^j '(blog sites) ^ ^ JJ^ j& cJj CjI j^I CP- s jW^ FaganFinder 



http ://www.secinfo.com 

^ tCij jl>y! ^ (SEC) ajSjj^VI cjL^jjJIj 4_JUJI JljjVl c> c> ^IjJt s^clS ^Sj SEC Info 

«>j SICj ^jMI JL^Vlj 4AcLl^1I c^Vl (Jjj^ jc d^JI cill ^cjjj l^iV .SEC S^j c^ 1 -Wjj^ c> 



Search IVIonAtor 

PAID ♦ ORGANIC ♦ LOCAL ♦ SHOPPING ♦ SOCIAL 



http ://www.thesearchmonitor.com 

tAja jjoJI a aA\jaj till ^r-^uij . jj-aVl c> d^jll ^ Ajjuiliill CjI jl i^luaVI The Search Monitor ja 



https://www.facebook.com/tibea2004 



65 



(WHAT EXPERT OPINIONS SAY ABOUT THE COMPANY?) U Jj* * lj£M * Ij A^IHII ^IjLi^utfl 




Copernic Tracker ■ 
http://www.copernic.com 

jla &1I ^a djljjiiij tiliLjj ^jjab<i cJ^^ (J;1>.>i31-1a31j <j^aLaJI ^ ^jSI^a ^5^* J-**^ .'"^ ^j.^ c3^f^ j& Copernic 

SEMRush ■ 
http ://www.semrush.com 

^a uiaII ^lloujjII CjIaKII ^ <Lajta ^^ic J j>^ll cilj£ aj ^ _< ja ^Ll A ll djl^jJJI ^jc clival] jJja ja SEMRush 
<L<ixl<J! Ai^x-<JI l-jL 4_jjjjjja3l JjLoj jll .<J^ t * w . < ^ QjjuaflU^ll <-ajla ^^Ic J jj^^JI L*l ^ Ad Words j cJ^ 

SElVIRushcJ^ Cy* ^ ^ ^-^j-^V^ c3^j jaj ^^ ( ** ^ *^ ^jj! u^j 1 ^" s j ajIc-^JI (j-a (jjjuialAxJI <j U» J 

Jobitorial ■ 
http://www.jobitorial.com 
^jc 6jjau La ajjj (jJ j^^JI ^ - A t.>Lj Jobitorial 

AttentionMeter ■ 
http ://www.attentionmeter.com 



Afh*" Igil .QuantCastj 'compete <Alexa ft^LAj (traffic) l?\ <jjLLJ sbl ja AttentionMeter 

.QuantCastj 'Compete <Alexa i> ^ j^jJ* tilliSj CjUUJI jc. a±& 

ABI/INFORM Global ■ 
http://www.proquest.com :j^^31 
.CjUjIouJI ^.ix^ ^ o^Ull aJUJI j ajjU^II cjU jkJI dnj . JUcVl ^lij s^clS ja ABI/INFORM Global 
Sjl^VI ^jUui 6<jjUj3I cjUUjVI 4Sjbyi CjUii cJaxJI ^jjJi ^j^j ^^kiaixJ] ^ji^j ^ABI/INFORM Global 

Compete PRO ■ 
http ://www.compete.com 

^tlLd (JjI^jj tciia jj j-<i J£ ^^^j j^a .djjjjVI ^^^-Ic 4_Laial_ii3l cjIjU^jjojVI *L<»^. ja jj Compete PRO 
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(FOOTPRINTING USING GOOGLE)J*j* P iJii^ £5Usfi«*! U«p-5 

4_iLa*J A g i\ ni a dbaaJ Ja. ja. ^lAaJLaib (FOOtprilltillg) lala>V) 4_iLaC ^jli tCliaJ cilja^a (jc- £>jUc j& Ja. (J> £y* (Jc- 

m (j^\ ^a. ci±aJI djl£j^<i J-aJjl j Jjjaal ^ lAaJ j (jj^J Ja. j^- ^-tiffl ^ .cliaall CjI^j^g J!>la. Cy* (Footprinting) ^^JaioaV) 
a *^f" ^j^V^ a< "- ^ cs - ^ ^ j - * ^ gaS jjc. <jujL &a cjLa jist-<i <jJ3^sl! cillij 'violently spider websites ^> ^ L - J ^- 

^JjJoaJJ jll CjULJI (jx <1jU CjUaa" £jLuJl £>A& Jla .(J^ ^j^i Jla) ja> c fllja^l JaLaJl ^l^c-VI 

<jj^aj3 .Ja. ja. <jj^aj3 j& j tAUa. Jaa. L_±ail 62000 ^ J^ J' J .gOOgle Cache J UJ^ ^Liill ^ Ul ttilli ^ I jjujI j <dijjSjYI 
Jla 4^ jjJa j-all Ia& Jja. CJj£ AjtjJaJ jJoj ^ill 4£U jl J ja. Jj3 (j-a J jVI ^A3 [gOOgle hack] J?> 

J^j*- *l jj s .[Johnny Long] cPj^ Google Hacking for Penetration Testers 

m AA JJ*-* A*us\ j 64jUl13 SAAa^a ClAiLa Jc JjilxJl j Clia-Jl ^ullj ^jjj > >iM Ja. ja. diaJl til^a^i ^£ <LaAala t— laj dj^^Lalx-a ^lAalLajl 

AjjuLojVI djUl^klaaVI CjLa jlx-a AaJ J\ A'&a\ 

https://support.google.com/websearch/answer/134479?hl=en 

.(jljlaYl (j-a AJ& jll ^aUaj o^ljoiAJ^reqiieSt) CllLAlall (J^aia J ~ liilLaH l— la ill JxjuLaJ Ja^)ixJl ^lAalLuiYI fijlilij Ja. ja. ^ajl} ;4 1 A 

FOOTPRINTING USING GOOGLE HACKING TECHNIQUES <J*J* ^i^ajS ^a&S ^(Aaa^b ^!sUau-VI 

D^istxi ^l^aJLuj) (Jjjia (jc Ja. ja. L_ laji ii3ja^i J^la. ^ bStouz tl laj CjUIxC ^Uljj <jfl (GOOgle Hacking) J^J 1 ^ jfl 

pUj diaJalaal lij .^a! j-<JI ^Aalujj c _^i3l jj jjj^m ^1 j^l j jI^c-VI djlil^ ^ AjioVl cijl^sull ^^ic ^Ui j (google operator) 

^LLu2 j3 A-iL^c J^la. (j-G e (Ja. ja. L— laj ^cjllj (j-o Ai^JjauJl a£jjoJI <J ^a. A^& ^^-^ cJ jj^aJl t^li^^j 6<Jjoj1_L<JI CjLq^jlIuj V I 

jjIIslSI til^cLoaJ (Ja. ja. ^^xjuLq .^LujI uaaJi CjULiJI Aj^j] ^^IxjjajVU ^alaJl CjULiJI AcljSj t(G[J£)B) (J^- Ac I j3 

<iaa. ^3 AjAaJ ^ i£ (JjiAaig-xJ! ^jli ;^AalxJl (Ja. ja. (J«juLq ^lAaJjujU jjJa l^J 4_L^ V ^^31 djUUJ! ( . llaJj L_J jllaxJl (j^aill ^^ic 

: [advanced google operatorl g^fj) 

4_iLaC ^ o^lilojl - gaSl ^^ic J jj^aJl IjAcLaaJ (_^^J jaJLudVi 4_1^joj ^^jII CjI jJJaull C-pasu (Ja. ja. jSjJ ;U3 <Jjaii3lj JaaJl (jjoiaJ 

# Ja. ja. (jjj^^a CjLg jlx-o ^1 j^lml (j-d 1 Y&a \ 4-1>.>uj^)3I djUJall CjI ^-la jlill oi^ ,CllaJl 

<Gc (>jiaJJ L— n£ (^^^ L-SA^Jl AjAaJ ^jj ^j5I ^ Ua ill Jj^aj ^^Ja. tiL ^alaJl L— La ill AjLqc ^jjjJalj (ill ^ajujj ^ Nal^u cLiaJl ^Ixjolq 

[(Ja. ja. (Ja. ja. ^Istjaui ^Lojla ^^ic ^!>UaVI (ja-aJj tJaJjJaJU 

http://support.google.com/websearch/bin/answer.py?hl=en&answer=136861 

11a pbV Jajudjl .La ^j^i^ ui (dSU.edu) ^ ^d*^ J ^3 j-a ^jC CjLa jlstxi ^jc Clia^J ciljl (jlajja! I^UUl JIIaJI ^ jlaUl 

lJ jjoj diaJI li^ [pat engebretson dsu] '.d^ ^all ^ CjU^Ic (^1 JjAj) <JU3I cj lalkj^al l JLk^j ^ diaull 

(dsu.edu) ^ iaia ^ulij aj^j>\ a ajjj 50 <Jjt lS^^ .^^-^^ ^ ^ 

.UoAjjj c _^j31 diULLxSLj ^Usll (Ja. ja. Jj^j^a Jf?^ (j' O^-^ cl>^ '("direCtive'^^^J^) J^J 1 ^ cr^ ^ (j-* ftAlilmVI (J^la. ^j-a /ojJjU-a 
(Ja. ja. jUa.U (jj-a%x» (jaJ tl^jAaj Ja^iJ .l^ic dlaJI Ajjj c _^j3! 4_Lanjj3! CjLaKll j c flA^JI £3 j-all ^ J£ ^^>^ cP^ 

D^lc! JliaJI ,J 

^j-a SaUIujVI ^ UjaI jUa. JjJafll tAJlaJl oAA . (dSU.edu)^ 1 ^^ ^-^^ L>^ ^J^W^ ^ P ' " (,5-^^ ^'-^P- ^ 
^jJl ^LloujjII CjLaKll ^^ic ^ jlaJ c _^j3I ^ullillj Ja93 SA jxl\ ^^Jc (Ja. ja. jfaJ <jaufl J^ull li^ ^lAaJjajU .[sitd] J^f^l/A-ia. j!i3l 

^Aa-xJl ^3 j-aJl ^a S^)jujLi<a (^^5 j IaI LaAaJLuJ 

4_al Ikloil Ajjj (_^ill ^Lia. jlill ^jojI _ \ 

.Aja. jj3I ^3 4^alAaJLoj| Ajjj ^ill ^ikj^a-aJl .3 
La jLk^j <a.laj c jaJa t'site:" ^ J^^ (*l ^1»»iV .*^lc Jxij La£ diaJl fc&S*J to^lcl SAjl jll CjLa jlxJl (> ^JaS Cj^I Jla.^1 Asu 

t^J- J (^ 

siterdsu.edu pat engebretson 
https://www.facebook.com/tibea2004 ^uJa ^^ao^a 
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£fl ^pat engebretson j^J (jA^I U3Hg J j^ll ^\ j t^jjl jSII j 4_ia> Jj1\ q±s aAL^ V <j! Ja^^U 

. Ja> ja> diaaH -lajj^ J ^LuJI Ja^l t liA Jta->V .[dsu.edu] 

;cjav ^a. a j > ^>^)3 
jxJI CjIaK Jc ^ jlaJ ^jJI CjliLJI 

<J ja^l CjUI Jc J^aJ CjLaij^ll 
^jlaJl ( - ^all Jalaj j ClljjiaJ 

GOOGLE ADVANCE SEARCH OPERATORS J*j* f ^ 

http ://www.googleguide.com 
t> J^ jl^-aVI c> «-±ijll A^i^a (Google's cached version) J?* lP 3 j*^ cache ^Uia>l [cache:] 

.Jaw jaJ d£j^<Jl (jj^aJill Sjali j-G S^judLx L— m Ja£a CjLg jLlxJI jg laJj CiaJl ^jUj j-a .lail ^ 'i* A ^nll 

.(cacherwww.eff.org) : JUJI lW^ lA- 
.(cache:) u^j URL Oljfc o£ £*i2 V i^la^L 

t"\\ t^i-v <\\ 4(Jil<JI (J-ijjuo C5 ic .L-jjjll a a q-^>^ s i ^ &1I Jaj|j^)3l Jc j^aJ djLa^a (^^-Sc J-**^ link [link:] 

j j^j <j! liA .(link: www.googleguide.com) J^J ^Google Guide's J ^31 

.www.googleguide.com -Wjj jl ^ ^j 1 ^ cjUi^» t*B 

(link:)u^ ^^^^ a^\ Uiajl Jia,^U .4_j^UJI ciiaJI CjIaK (link:) (t>w ; ^^^^ V" ^ Jc. jc. ^Jjj jjI liajj ;4Jia,^L<i 

.cjU!>U1u>VI ^ (-site:) lU^J^ ^) 
^^Uiail ^ jj^UI jJl <£iUuJI £$| jJt o^^s J^j^ u^a * " related: " ^ 4? o-^^^ ^^i^VI ^5 lij [related:] 

microsoft.com.^ 4^jUU! J^j^ ^ (related: www.microsoft.com) : J^. 
JJ^ Jja. coUjkxi lJjjoj (info: gothotel.com)' .^.^ ^ CjUjkJI (j^xj t*U ^ lJjjoj [info:] 

.GotHotel.com ^ jJI ^i^J] jjUill 

URL L^^A 3 ^A^ 3 J^^ 6 ^ C5^- <J jJ^aaJ! (j^J LaS. 4-lJj ^LaJj^aURL J (illfoi) ^l^A (jj^J VI ( ; lao /4iLa^L) 

# (Jav ja^ CiaJl £-}^y* ^ 6^)jujUx ^JJjll 3 ^ 

# 6^^aJ ^ill ^jj-d jJI jl ^ j-<J3 tiiaall ^cjUij ^jjaj ^^ic J-<uu lJ jjoj J^. j^. ^jli t ciL ^j-aLaJI ^^IxjjojVI ^ (site:) ^l^aJLuilj lij [site:] 
^ [peace site:gov] j ^l^^U ^ J ^ ^ J€-^ ^ (site:www.lse.ac.uk) lW^ 
(gov.) j» (.gov) M ' Jlialt c^ic ^period uj^ j' t° J^' .(.gov) ^LA\ ^ djKq>^ll 

■ U^ J^t J "site: " ^a^-« ^jJali V ;<iaa^^Li 

Ja jj^ c# y?^ ^ ^ ^ * allintitle 4? o- 3 ^^ ^^Ui^VI J^-^? lij [allintitle:] 

detect cjUISII ^ (Jj^jJW I^a JA (allintitle: detect plagiarism)' J^J^ J^ 

.Occurrences ^^lJI diaJ3 c_jjj3! 3jai^a J^U ^ iiJijll ^ C5 lc Jj^iaJI ^jl^ U£ .^j^ J plagiarismj 
. jl jixJI ^ term ^ik^J! ^ ^ jiaJ ^1 ej hn . n^ t ^tnll cjj^ 11a jli (intitle:term) J^ [intitle:] 

^uii a A \<i\\ j intitle: ( . 1 >J '.^ 

cjLalkj^ax Ja ^ jlaJ tilli ^ullill ^iL Ja, ja. jli allinurl: ^ 4 (j-aLaJI ^^UIojVI ^— ^ lij [allinurk] 

. URL J ^ e ^L,V! 

https://www.facebook.com/tibea2004 A^Ia ^^aa^a 
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" faq "j "google" cjUISII ^ yr^ S^Jh 4$ Ajs ^ (allinurl: google faq) < J13JI J^ ^ 
di^U c-jjjII J^U <> l^jk Jja^JI L^J jSaj AiJijll (www.google.com/help/faq.html) < URLu^ 

. (Occurrences)^* t>^ ^^11 
.allinurl ~ U»^jc \ju* j\si ^Ij^j V o^j .1*-* CjLal£3! Jjxjujj U» LJlc. ^URL^I ^jjjUc 
tilli ^^ic ^ c ^j3I CjliiLauJI ^cjUiII jjjSj l_a jjoj Ja> ja. <jla t tiL ^j-aLkJI ^^IxlajVl L-ilia inurluj^ ^ v l^j [inurl:] 

. URLut ^1 

googleguide ^ cjUi^JI ^ jli (inurlrprint siterwww.googleguide.com) * Jli*Jl J^ ^ 

^ " print " J* J J* yr* ^ PDF ^UL l^l ." print " a^ ^ji^ ^\ 

l9 jJW 4$ ^ ^5U1ujVI jl [ inurlrhealthy eating ] .googleguide <-yjll 

a1& jll Jab eating <^ ^ ^Ij \&\ yi healthy 

.L^oIj A-aISJI j inurl: ^fo^all <jjj 4^Lu^ V :^Ua j*1a 

a m ^ ^1 jjl (^ic 4^-*^ -V^* ^ j -0 Jab (j;!*-* L_flL» ^jc cii^JI ^ aja. jiill 11a D^liioaVI \ [filetypei] 

;^JU]| jjjauH ~ laJLuijj I— La A\ L_J jUa^ll ^l^lxiVl oAsu ^jJajJ lLli^j [extl] J^J ^ ^-jUjLd 

filety p e : p df ext : p df 

.txt *^ j^- CjIaKII ^^ic ^jii^j (Jj^j (j^a j^>sla3I ^ <c\\\ (^au ciiaJI ^cjHj ^1 Aiflj [intexti] 

4 Ja. ja. t ■ lla Uia. .1 ^-llo bUlstxi - gaJ ciljlo ( . ^^jll Ja. j^. 4_^LkJl (>< ^ ^-la jllll ^1 jj| ^jAslSI i^IUa 

6 A alia o ^ullj Jasu Aill^xJ! Cll^Jl ^jli ;^jLi^.Vl (j* .Uiajl c5^>aVI Cll^J! ^jAslSI ^ ^Aji gaJ ^j) ^ all 

Passive Footprinting uj^ 6 ^ t^aJI cjUL^ jl s jl^VI j^j jll cijUKll (jjaij diaal) ^ 

^jl ( ; la>J .active ^ '(-^^ JJ^ ^5^* J^-a cl^) c ^'M^ ^^a^* jL^ajl ^J^-aj .Aic n du£ UJUa 

FINDING RESOURCES USING GOOGLE ADVANCE OPERATOR ^11 J^ja ?\mJL* 



jjkJI [intitle: intranet inurl: intranet +intext:"human resources"] J^ J^j^ ^ ^l^kl^U 

^aJ CjUi jlx-al! _Cljli3lj A£jjoJI tilli ^^i^a J <jujL CjLg jls^ (jLi^VI C-pa*J j Ai^jjauJl A£jjoJI ^jc 4_j^\A CjLg jlstxi ^gic 

ia^i^Jj ^I^jjojVI ajjla ^^-Sc Jasu L_fl jjoj Ja. ja. ^jj ^AjcUu^-VI ^ ui,Vi^l CjUl^A ^jiHl I^qIa^LujI UJ^>^ (S J^ L)^ ^<S' > ^ 

*jiLall diaJl JiJl^l] 

;lA j£j ^ujj ^^UluuV) g-^l^ U^J*^ f ^HaII Jai di^aij 2^1^ 4^i^ j^Jaj JLuJ) 



let inurhintranet +intext:"hu. 



[intitle:intranet inurhintranet +intext:"human resources"] 



Go gle 



Need a Business Website? 

" www google com/Apps/Business 

It's as Easy as Editing a Document. 
Learn About Google Sites Today! 

Human Resources Intranet 

- www info com/Human + Resources + lntranet 

Get Human Resources Intranet Info 

Access 4 Search Engines at Once 

What Is Human Resources 

■~ wow.com.A/Vhat+ls+Human+Resources 

Search for What Is Human Resources 

Look Up Quick Results Nowl 

Intranet Human Resources 

— www webcrawler com/ 
Search multiple engines for 
intranet human resources 

HR management 
— www.openerp.com/ 
02 290 34 90 
Recruitment, evaluations, payroll 
timesheets, leaves management, etc. 



(0.24 :^ l j^> ^o) 14.600 

Kellogg Faculty & Staff Intranet - Kellogg School of Management 
»j* www kellogg northwestern edu/intranet/facstaff.htm 

Human Resources & Benefits Staff Resources Onboarding 
Resources Kellogg @ Work Quarterly staff newsletter. Directions & 

Maps Fitness & Recreation 

Human Resources Intranet 

i^i— 3> »j» hr intranet unchealthcare org/ 

This section of the Human Resources website is for UNC Health Care 
employees only Employees must enter their system userid and 

password to continue. 

HR Intranet | Human Resources | Vanderbilt University 

a^a-^' .j* ^.ji - hr vanderbilt edu > HR Intranet 
Vanderbilt University Human Resources. ... SharePoint Links Human 
Resources JCAHO Service Delivery Teams Helpful Links. Don't like 

your middle initial ... 

Human Resources : CLA Intranet : University of Minnesota 
a j* — cla.umn.edu/intranet/hr/ 
... Resources Who Do I Contact in CLA HR? 2013/14 Deadlines in 
Faculty & Human Resources OHR Manager's Toolkit CLA NOW 

Blog CLA NOW Calendar ... 

Human Resources I Intranet - University of Hawaii 
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~* all i^y& jkVI CLi^ull CjI^j^gj (Ja. ja. a I laJkJ j <LqLuj ^jjlilij ( " \\ A ar. s-l j^-j (j^ J 3 Cp L a ^ o, ^. Jl <J j> ^ jll ^j^aj 

UseNet J^[(BBS) Bulletin Board Systems] cjU51oVI ^ jl ^Uajj jW^Vl £Ac j*^ j^V^ c> lsj^ M jj <-«Us£i*J 

.lJ^JI jo cjUjI^J! J 1^ ft^iLa jj£s jl jl*j Google Groupj 
c> o^^iouJI jiaJ ^L jj j* Jaxj ^jjujU ^Ikj j* [Bulletin Board Systems (BBS)] 4a jJ ^Uaj :4jaj^L> 

£c-g1 Jill <jLaijl J lSj^* CjULftC , >jq Vl ^^JjoiaII laJ > uJ t^Uaill <J J^ll ^JC- .AjS Jail <la^all ^Ia^UjuAj ^aUaill Jj <J J^^ll J JL^jVI 

. jjjkVI (jJyi^JjauJl (JjLaijll <J-^ J dsl^)jullH j jllkVl ^a^JjauJl laJ > nj djUUJl jl 

Jc bLucI t laaJl jjuiaJ jl) L_Lal!}U .3 jVftti <Jj\_xjJ^il J S^cLouJl JjJ J jLoJjV £>i& ^JjJL^Xi ^1,^ lull (JjjLU L_3 jlLftll j^ (JjjJ 

.AjjjoJI j <jujLud^Jl CjLg jJjlaJI tilli J LoJ 1^. 4_L^La <iluj| AitjJaU jiila j-<Jl ^j^J jL^VI j-a J L_ Ll^ ( (^-^ l— laJJ <1asl!I j-a ( . ijl ^ 

j>* ^jjjJ L— Li^ .^..^ 1 ^ cJ^^ <LjL^JI ^l^cj J > r\ i c^iii[admin] 4£jjuJI <Jjjjoi^ jliicVI J tJLLall JjUjui J^ 

I J*j£j (JjjUII jx» JJJ^J '1 ^jjuoI JJ^VI cJ*^ <j^al-aJI ^l^cVI ClAiLa jjuU aJJ i o Cilia 4_x»Ll1I CjU^iL<Jl J CjLujSIIaII J ^ ujj jl L_fl jlLJl 

jl£ jl J^ ■ jj^^ (S ^ jA diUi jlx-<Jl oi^ .l^J ^JjIasu A£jjaJU 4_j^Lkll J jjj^IVI -^JJ^ U^J^ C ' ^^^'^^ 
<J jj^^JI L-Jxj gall j^i 4_jj Cilia t^J <j^aLaJI ^I^C-VI diliLa jjoij ^JlC ^jia jc. 4_jli^3! LaJ ^ajaJlj ^l^ilb ji^lj I A£jjoJ| L_fljjau» 

t. a i^^j 1 jjj^ C5^^ [posts] ^ ^ l^I^J I CjI^j IjuIa II AjIjjlj I jaj* ( s_5^ 

# a£jJo3I j! jjc j^ t Jj-aj^fe jl Gmail ^ ^ Jjjj^IVI ^jJI u^j^ ls^^A 3 CP* j 1 ^^^ 

JiU UjIjc.1 ^jj o^J^a. jj .^ajJl jl^jj (3^^ UJ^ C5^J^ J^* 1 ?^^ " ^ Jj > nj^ l Jc 5lLa ( . \\\) <j\ CjAa-J 4<LuJl jUiaII jx» 

jA ^j* La -i^j (j^j^ 3 ^-^Louj IgjL^aJ jl (j^j j3l djLi jlx-<JI ^ server 2000 ^ (3^^ 

.djj jjjV! J^ jJI 
" USENET " ^jj^l > U 

A jvfiti ciltil t>— LjAaj j jjjlaj* VI La ^joj! jj lS^^ uiVi^H j jVI ja. j-<Jl ^I^VI CjI^jjoJI j CjIjAjIaI) jl J^^-? J^^?^^ 

1980 ^JLtll dij^-la j ^3jJ^ ^ » <al > ^^^^JJ^. (JJiiLl ftj^ J j£joj!jj jJ L_jLjai3l jl^l CjUj j-d ^J^^ 6 ^ Cljjl£ ^AjjSJjlSI 

jU^VI ^-c- cJ^^ Li j^j djj jjJI aSliA jl o J cIjILLu j cIjVI^ AiLjaL ^ j£i jl ^iLlaaj ?4jiili Laj dAjjj^l La j£J 
^ju m newsgroupsjW^-^^ djlc j^^ a ^a.mH ^LaaSI jl Ll <J£juj Jc ^ LL ^iLj jik jc SjUc ja djjjjJI a£jjoi J JlLi <J^a 
Jl j^kj Ia jLuojjl j Aj^JLlSI a£jjoJI jj^-la ci^ ^—O^-^ ^ j u*^^ J^ ^ J -0 ciJl j L» j CjVL^jVI j jml -\\\ CjI^jjuj ^^al j^ Cij jjJI 
^vimi jll djUvr^ll Jla (jjjlij CjIc jA^a 4 lal > >n cJ^j j^ ?jU^VI cjIc ja^o jl newsgroups J^ ^ J .^J^ Sjj^- 

Ajjoijjj CjIc j^^ o JLgJ Jl tillj* jlikVI CjIc j^ a ajujjj ,4_ixJLl!I 4£jjuo3I Jc jVI 6^ ja. jxJl j^LaV! t * a ^^ a j-<» ^LjacVI jJJ (jjjliill 

A^.jj Ljajlj A j jjV jVI jjc. 4 alia q ClalxL ^ jkl CjIc ja^d ^jJ (Jj ^-c- j ^ ^ ^ A <<lir 10 U^J ■ Big Eightc^^ 

Jc 6^.1 j (J^3 L_fljjsu j <jjLu3l CjIc ja^aII cilti (jiajsu ^ jSLoj j_ alt^^*-^ l£^>^ ^ 

# Ia jjc. j jjj^^L <j^LkJI > >>l jaIL <c ja^JI tilli ;Comp 

m jail J gaaJLo <c I^jI ^1 lIjLuxu^iIIj a Ludlallj L_j^VL ^j^j iHumaiiities 
# Iajjc. j (JliLVI j ^jWMI jc <c jiLd > >>l jaj ^aii^j j^-<i ^^^joi l^J (JjjJ <c j^^ a\\ ;]V[isc 
# djlc ja^JI jc o^j^aJI CjIa^VI j CjLoilaill jLikL ^j^j ^^^^a Aj^Ic jU^.1 i— lou] j^3 j jLi^VL ^j^j ^^^^a l^uil j^ Ia£ iNews 

> dj^.>.>il>.a^j ^a^lil j>» 4_iajli3lj 4_iLau3L a > <a1 ^ ;Rec 
.^LiJxJI cjUjVIj ^ji*lL 3^UJI djUlijjl ^ajjaj :Sci 
t ^oia Jl J ja» jxJI ^at w a\ djliliiillj cjLc-Loj^vI ;Soc 
.^.ud.ftllj jj^llj 4->.»l-i>.>i3l <J j^. cjLujIIj ^jjaj* ;Talk 
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(GHDB) (GOOGLE HACKING DATABASE) J* J* : 



http://www.hackersforcharity.org 
^ j ^password j Username ^ <i*aJI cjLLc GHDB .Exploit^U? 

^ jiajll ^(j^gAjlj till <Jjau3U jAa £ jjJa ^xJl liA jl£ lilj 4^ jA\ tiA Sjbjl ^ jll ^ C5^J^ ■ 

.^jjIjII Google Hacking for Penetration Testers 
dAiUJ! ^jSI (^^UIojVI Cj! djljluiluiVl ^ ^ J±*l CjUUj s^IS (GHDB) <i^aja CjULj S^ta 

(JjS ^ duJdjl (^Ij '"vjj^-' liLaJ! ^ 4 a ^ o djUjii - iklujj c ^j3I CjjjjLui ^^/HTML o£ « (J^f^ GHDB / ^ 

.[http://www.hackersforcharity.org/ghdb/] (^u^ cl^bU ut^jS) Johnny Long 

GHDB c> >VI j* L5j^Offensive Security 
http://www.offensive-security.com/community-projects/google-hacking-database/ 

. (http ://www.exploit-db.com) - (EDB)Exploit database .Exploit^U? S^ll GHDB ^ ^ 

^Jc. L_fl^x!il3 (Ja. ^I^jjujU 4_ik^lja3! cIlqI £a ^CjLia ^j;^ j Ij^aII ^ jiL* ^siis*) phpBB ^ *^^>*^ cs-^ jj-**^ ^ '2006 j^^>^ <^ 

http://www.exploit-db.com/exploits/1469/ 

"Powered by phpBB Tf inurl: Tf index.php?s Tf OR inurl: Tf index.php?style" 



GHDB « Hackers For Charity 
kersforcharity.org ghdb/ 



CONTACT US 



facebook 




GHDB « Hackers For Charity 



Welcome to the Google Hacking Database (GHDB)! 

We call them 'googledorks': Inept or foolish people as revealed by 
Google. Whatever you call these fools, you've found the center of 
the Google Hacking Universe! 

Advisories and Vulnerabilities (215 entries) 

These searches locate vulnerable servers. These searches are often 
generated from various security advisory posts, and in many cases 
are product or version-specific. 

Error Messages (68 entries) 

Really retarded error messages that say WAY too much! 




4iua j£ ^ 4,4, vVu noil Cj) jS$\ 

.cilli ^ t [gateway] Jj^l 
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Metagoofil ■ 
http://www.edge-security.com :j^^ 

> *\\\ ajuUII 4_*UJI j3I ^ (metadata) ^ jll cAjLuII ^Ij^IujV cjU* jLca3! £-<^J sbi j& Metagoofil 

(Pdf, doc, xls, ppt, docx, pptx, xlsx) 

djliLd i^jb Aw* ^ jll djljUJl ^-1 j^lml ^j^ajill diliiLauJl Jj^vi j ^j^j] <J^> j^. ^ ciiaJI ^uIac. ^ijj Metagoofil 

t^jj ^vini^ l ^UjujI (jAiJaij Ijjj^j Jjj ;^jHi3l ^ .U jjc. j t PdfMiner? 'Hachoir (libraries) cjIi&JI 

.CjU jl*-<Jl g-i JljlkVI jL£aJ ^LulJ ^ ^1 jl ^1 J^Jl J Jill djljl^aj 

Goolink Scanner ■ 
http ://www.ghacks.net 

-Wjj lP 3 ^ j t^Hj <4? <^JI cjUL^ <> (cache) ^>J1 03 j^' JO* Goolink Scanner 

■googlebotsj google J U^^j^^* cs-^* ^ AjJ^jslA] ^al jA\ ^-^jV ^13 t^Ulbj ..Laa c > ^ ialij ^^ic 

SiteDigger ■ 
http ://www.mcafee.com 

cjU jlx^l j jI^VI ULJaS j 4 ^Ik^Vl j < < qT > hl l JalSj (Google's cache) d^j*J ajSj^II SjSlill ^ c^jj SiteDigger 

Google Hacks ■ 
http ://code.google.com :>^JI 

^ujjj Ajji .<J^ ja. j i*vn j\| CjLo^k ^ CjI j^i ^jia^su c _^j1I lLl^j cjI jUt! ^j^yi Google Hacks 

BILE Suite ■ 
http ://www.sensegost.com 
^4^- ^ ^ ^""i^ l J jj c1a±J^ qa BILE Suite J^Aj .Bi-directional Link Extractor ^ c> BILE Suite 

C5 lc JjLdJ BiLE . Jj^ ^^J^ ^ « J' Jj^^ SbVI BiLE.pl <iila j <jJ Jjj Cjbjj^juj ^ 4Ja o .^lAxIill 

^5 jSI till <lj ^^jII ^glc JV^jjuj^l! <iajjau3l CjLixi jjl ^nlaj ; L_fl^jjab<J! ^<J! Ul! £-<^J ^ laJLujj HTTrackj cJ^- J^- 

Google Hack Honeypot ■ 
http ://ghh.sourceforge.net 
.malicious web traffic: search engine hackers i> ^ j ja Google Hack Honeypot (GHH) 

a £i a, A\\ \ CjI jjjVI <£f^ c^^j u^' (honeypot theory) £±£sZ 

GMapCatcher ■ 
http ://code.google.com 
'CloudMade : ^ j> c> -^'j^ o^j*^ ^ .offline maps viewer jk GMapCatcher 

^ ^""i^ l ^Ujj ja (maps.py) .Skyvectorj 'Nokia Maps 'Bing Maps 'Yahoo Maps 'OpenStreetMap 
4Jaj^k (Jj^^*< ^(Aiixij ^*^) offline toggle t° ■ < *^ ^ a ^^^ ^° 1 ^ a ^ n^ll ^juj^>3I 

SearchDiggity ■ 
http ://www.stachliu.com : j^-a^ll 

<a\ j cjliLiu's j Stach c> 6 jW^ j* .Google hacking Diggity ^ ^^^uj jll ^ j^SI stai SearchDiggity 
'GoogleDiggity Diggity ^Ij^i djljl^j^yi t>,w V 4_LdUiVI ^^-^-1 jll ^^jII dia j » » j j^j 

'MalwareDiggity 'DLPDiggity 'CodeSearchDiggity 'LinkFromDomainDiggity < Bing'BingDiggity 
.NotlnMyBackYard Diggityj 'BingBinaryMalwareSearch <SHODANDiggity 'PortScanDiggity 
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4J^jSJ| CjUIaP dilj-Lk j Cj) jJi ^laxj £$) £2 j^Jl life j-uxj j^ia 

,^.1^13 <Jjou31j uA\ CjI j^VI (j-a ^>f^S J ^I-^^hI J& diliiflaiill j Ajj jjl&Wl ^<JI CjI^su .AajV aA^juJI (jj^Iall (j-a 

<j (j-aUJI wizard c^j^ 3 ^-o^l ^uffi ^ -1 



Search Diggity 



arch Bing LinkFrornDomain DLP Flash Malware PortScan Notln My Backyard BingMalware Shodan 



Advanced 



Query Appender 



I I FSDB 
GHDB 
I I GHDB Re born 
I I Share Point Diggity 
O SLOB 

0 SLDBNEW 

1 I DLPDiggity Initial 

I I Flash NonSWF Searches 
I I FlashDiggity Initial 




I I Disable Scraper 



Re q li est Delay 



Aggressive 



Cautious 



Google Custom Search ID: i__reate 



Category | Subcategory Search String Page Title 



Selected Result 



Google Status: Ready 



Download Progress: Idle Open Folder 



Microsoft.com ^ cfi^ j Cx* ^ ^ l#Jj*> Sites/Domains/IP Ranges -3 
\JN\£ add ^ » 



Search Diggity 



CodeSearch Bing LinkFrornDomain DLP Flash Malware PortScan Notln My Backyard BingMalware Shodan 



Simple Advanced 



Query Appender 



□ FSDB 
GHDB 

□ GHDBReborn 

I I SharePoint Diggity 

□ SLDB 

B SLDBNEW 

Q DLPDiggity Initial 

I I Flash NonSWF Searches 

I I FlashDiggity Initial 




example.com <or> 123. 192. 100. 1 



microsoft c om [Remove] 



Category | Subcategory | Search String Pag e Title 



Selected Result 




Google Status: Ready 



Download Progress: Idle Open Folder 



ilia (j^Jj L '"^^ ^JJJ c^ill L_ilkJl £ jj jbS^lj JjujjVI L-jjUJi ^ £j jA\ t*Ui ^XJ -4 

6 jLp j di^JI ^jU j^ua SCAN la* > ^ SWF Finding Generic ^ FlashDiggity Initial 

.SWF ^ii* c?J^ yr^'j microsoft.com okj^I URL u^j^ 5^ 

Google HACK DB ■ 
http ://www.secpoint.com :j^a3I 
^Loij sbVl .ci^JI ^jc <jujLo^JI CjU jlxJI ^j^j! SecPoint Google HACK DB sbVt ^b^lml Liajl ^1^11 
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Gooscan ■ 
http ://www.darknet.org.uk 

CjI^suII Jc jjilxll CjUi!>lxJjajVI dlAAj^a S&j . Ja. l^J ^niaJ .Ua 4_i3l <L^>laJ Cj! jLuifllujI ^Lodl Jc <J-gju obi j& GoOSCan 

;Jaj|^)ll 11a <J^\a (j-G CjI j^a j 

http://www.searchengineshowdown.com/features/ 
jl . gjgablast.com ^ j^l ^ j IP ^ CttJ^ £^l ^1 ^ j ^^l j ^ c?^' ^ 

dii^l .Ij^. j t^Ljaj 4^ 'load balancer J I^a .IP jl jjc J!>U. ^ dujSjYI 45 oc- di^ii 

.[ip:search_word] ^l^lual C&J^ CP IP ^ CttJ^ CP £^l ^ j^VI j& MSN <^JI ^ j^* jl I j^>> 



(WHOIS FOOTPRINTING) WHOIS ? l-^W ^^Vt ^^-6 



jVlj 6<iI3i3 .^Uaill 1^. ^-xa ^>fixj Ai^JjaixJl A Ajaldll £3 jxj jc WHOIS J^-* ASajuoIL AiixlLJl CjU» jlx-<Jl £-<^ 

.WHOIS fl>laajuAj ^IVimVl lIjLLc. J&Lli jjoj 

.gij-a jc CjUjL^I 4^j^UI cjIj^VIj td^JI ^jUj JJ^j 'WHOIS *l j*\ Jj^ WHOIS Footprinting 



(WHOIS LOOKUP) WHOIS 

^judl (JLd t 4_l^jul>Jl dlj^)ljVI ^jl J^J jl jJ^JouJl j-ldAaJLudAll CjULlJ jC ^^SLlui^l a ikluJj _<jL^JjojI j a!>lxJjall (J j£ jJj^)J j& WHOIS 

.^lill *£aJI *UaJ jl 6 IP jl jic i O^J^ 

aJJ ^^j^jJl L-jLau^al jc 4_L^kjai CjLd jls«-<» ^^^Jc 45 J^^J ^11 A^ijuJI ^ i u il^ ^ ^JsjujI CjLudjl CjUUj ^cl j3 jc WHOIS 

(LOOKUP table) ^aJi Jj^ M .^^V 1 ^ J^V 1 ^> WHOIS ^'j 5 <i^U^I 

^^LkJl li^ (JjS ^^IxJjojVIj JIj^jVI ui (j^J .(hOSt) lI^^Ij U^J^^ 6<£jjaJlj 4JaJJ^<Jl CjU» jIslxJI Ail^ ^Icr ^jliJ (5^1 

cjUUj s^c-lS ^^ic t^ljJjVI .(hosts)^.^.' 1 j 6 u^j^^ 'o^ 3 j 1 ^^ic ;djl£jJa3l jc djUi jls^ ^^ic J jj^a^il (server) 

TCP 43 ^ whois cjUjL^VI ^U. JjS ^ cjUUJI d^a U six. j .InterNIC j^whois ^ J^JI 

.WhoiS r^»^ ^I^IojU l^Jl Jjj^ajll ^jLaJ g-jllj 
1 ^ J^l > <~\ (JIj^jVI (Jj > *al 9J j 4L_fl^JjauJl j^ j^3l ^jojI 4J j^. diUi jlx-<Jl 4J j> .^i^ll WHOIS ^^IxJjojI (J^jj £ *H clA^ 

d^a J£ .<L^all Cjli CjU jIslJI ^ ^UlaiVI Jl WHOIS 6 ^^V^ ^j^j ^j^^-^^i ^1^1 ^j^j 

A -\f\\ S^lc (JajujJ jjoj j .IP jl jJC jLk^l <LJ tjj^ jJ!/(jUai3! ^jojI Jl^.^1 (J* V^J .^u&rJl CliaJl diULftC. ^iilj Uiajl A j£ <LJ W^hoiS 

/ Aiaiall 45-^ c^iJl l^-L^l J 4£jJa3l (jUaj whois 

WHOIS ^ Ujjj cjUjkAll 

m Jjj^iiilU jJl ^jojI 

.NETRANGE e ^31 - 

(Regional Internet Registries(RIRs)) WHOIS 6"* ^311 ^luu-j^t 

ARIN AFRINIC APNIC LACNIC 
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WHOIS LOOKUP g433cW*3 



jt http ://whois.domaintools.com <^ Whois cjU^ ^l^ki^U <u ^LSII WHOIS Lookup 

jt http ://www.ripe.net j^ http://www.networksolu tions.com/whois/index.isp j> http://centralops.net/co 
t> o±n\ J!^k <> l^jk Jjx^JI f3 ^1 j WHOIS Lookup <^ gfo ^ jj .http://www.whois.se 
jl t_fl^JI qia ^jojI JU^I (jjjia WHOIS Lookup ^ cjU^JI d^a ^ J£ .ILL* Sjj^UI WHOIS 
JL^iVI cijUjkx» t^jjj^iyi ^jjJI tj j^ .. nl l cjUjIx^ JS* WHOIS cjUjI** tSU j^jj domaintools.com .IP Cj\j^ 
.tSlSi U j j^ll cjljajjjaij ixjlS c-I^jjI j cLijVI ^cjjIj '(ADMIN) l&U^VW ^ 

j domain WHOIS record j u' cP* ^ http ://centralops.net/co/ ^ ojaji*il Cti*j^\ ^UL 

.DNS ^ o5Lu- j 'network WHOIS record 



r 



Rejistraat : 



9«<*«f 3t«U Mr rttiuo 



Hicroeoft Corporation 
One Microsoft May 
Mend m 480»2 

vs 

domawtiermotoftcom U.42S5828090 Fax: -1. 425 J3fc-329 
im: micro* of t . cam 



R^a".atr*r Heme: Martaemtor .esn 
Registrar VJhors: MktAi .aerksooitor .com 
Eegistrar Homepage: http://ww.merlrmoriltor.com 

Rfeiaimtrative Contact:: 

Cam Kirrosoft W»y 
Paramo nd MM] 

VS 

djmi.ns&nK osoftcom *1 .42SS82302O Fax: -1. 42S*3€"32S 

Technical Coovact, loae Contact: 
ISM Hottzajttr 
Microsoft Corporation 
One Microsoft »»y 
Rednad A 9eOS2 

rranrsieroicrcsollcjni ♦i.42see2eoeo ram: »i.42St>«7J2t 

Created on : 1991-0S-61. 

Expire* om i 2021 04 C2. 

Record :ast jpdated on..: 2011-06-24. 

Domain servers is listed orders 

nsS.meft .net 
n*4.meft .nor. 
nsL.naZx .a«t 
Ri3.Bsrt.aet 
r.j2.msft .ntt 



httpi/Vwhois.domai ntools.com 



Domain Dossier 



2 :rr 3 n or IP Oddrctt UflOr'tOy 00<T> 

1 deman whois record Z DOS records 1 traceroute 

■ network whots record "3 service scan 90 J 

30] 



setsnc* 47 **cs 



Address lookup 

canonral as me juofjvboy.com 



addresses € 
Dc»ma n Whois record 

Queried wsitcii.Snterolc.net with "dam JuQgyboy.cotsT . 

3uc*i.:; Saac. JCOaYBC?. COM 

tegznrar: VZTWCW SOLtTTICHS. LLC. 

Wvsi ■ Sarvar: whole. n*twork-«olt.ciama.eem 

BeZtcrel CKl; fctvp cmtvarasca atioas .com/tn US.' 

Base Server: SS1>. HCRLTNIC.COM 

■erne Server: SS2 a. WCRLW IC.COM 

Status; cliaocTrensfer Prohibited 

Tpdated Date: C3-fefc-2CD) 

Trestles Date: 1 4-30 1-20 02 

Enpicetion Dele; ld-)al-2014 

>» Lace updtu s2 vteie datmbeet: Thu. l» Jul 2012 C7 4»;M CTC <« 
Quvnvd mIm in 1 t'lv/i 1 ks<*lutiuiiVLOfii th 'jmygf buy .coca".. 
Registrant: 




(SMARTWHOIS) :WHOIS LOOKUP ^ 
http ://www.tamos.com 

4 IP^jjjUc <J j2»* jl<JI CjU» jIslaII ^ia2>. (jc c— ia ill j (ill ^ajujj ^^^j a£^uJI (jc CjLo jIslxJI ^a^J ol^l (jc ojUc ^SmartWhois 
JL^ajVl cijUi jls^ t J jjjouJI 4a£jJo3I j jj* ^jojI 4<GjAa3! 6<xIalLJI jl <jV jll t^lli ^ Laj ^^j^ jJI jl ^hostnanie <— R^a-alt ^1 

^cjjIj ttillUU <j^aUJ) IP (jJjUci ttillUU <j^aUJ) Jl^ajVI CjU jlx-d iqia jA\ cillU ^^Id JjiixJl gi Uiajl cil^dLoiJ 4j1 >( ^Jmll ^d^U 
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;aJU3I 4_JiLi3! tHk a L« nil ciujiull j ^j^aLkll wizard^ Smart Whois ^bVI '"^."y ^ jii -1 



Smart Whois - Evaluation Version 



: File Query Edit View Settings Help 



r s s s> q> 



IP. host or domain: 



^ | ■=[> Query 



There are no results to display. 



Getting Started 



Using Smart Whois is easy! To query an IP address, hostname or domain, just type it in the input box and hit the 
[Enter] key or click Query. The program will try to auto-detect the type of input and make a query .Additionally, 
you can specify exact type of query by selecting it from the drop-down menu. 



To query an IP address or hostname, select As IP / Hostname: 



IP r h o st o r d o rn a i n : Q 205 .181 .112.165 


- [K> Queiy[^ 




Auto Detect 


Enter 




As IP □ d d ress /Ho stn □ rn e 


Shift -h Ctrl + Enter 




As Domain 

As IP / Hostname and Domain 


Ctrl + Enter 
Shift+Alt+ Enter 




Custom Query ... 



To query a domain name, select As Domain: 



IP r host or domain: Q toyota.com 



- "=> Query 3 



Auto Detect 

As IP address / Hostname 
As Domain 



Enter 

Shift + Ctrl+ Enter 
Ctrl + Enter 



Ae- IP / Hostname and Domain Shift+ Alt+ Enter 



Ready 



^^A] a! JjILJI jjl! » ^ ^ google.com ^ u^j ^ IP, host or domain ^ -2 

as domain j^j query 

E 7 J j ■ j J . - £ .-■ : : : ! LJ : : : E J ■-■ J J ■-i.l'.ij 
File Query Edit View Settings Help 



| Query - | 



Source: who 



irkmonitor .c 




j^Jaj <Jc. Jai_jJa3U view resource j^juJI ^ j j^Vl ^ ia^.!^ j jL^aliL ^jj^ j^l ^jc l-L& jLlaII J£ till <jia^xja -3 



; File Query Edit View Settings Help 


iBl^-^-aiNatsEltlSS) Q> 


j IP, host or domain : | Q google.com 


v | i=[> Query ^ 


S|t> google.com 


[ _-■ jL aooale.com 
^^"^^ iy3.ig4.lie.lOl 

[ | 1 Google Page Rank : 9 

1 rUjiJ i Ale:-:. 3 Traffic Rank : 1 

Source: whois.rnarkrnonitor.com 
| ^1 Completed at 3/1/2014 3:51:11 AM 
Processing ti^e: 4.&e seconds 



google . cor 



T> omai ii Hajne z .3 ■=■ ■=■ cr J_ e _ com 
E.e g-i st r^v !■ omaiii ID : 

E. egist-r ar WHOIS Server: who i s . markmonit o r . com. 
Registrar URL : http: / / t.tt.tt.t _ markm .=. n d_ 1= .=. r _ .= .=. m. 
Up dat ed at ez 2IJ13-12 - Cl S T Cl S 1 17: 2 2 - □ S Cl Cl 
C r e at =L on I> at e = EOOZ: — J.O — OZITOOi 00 = O O — O "7 O O 

Registrar lie gist r at- =L on E nip =L r at =L on. E- at e z ~ZL O 2iJ-ijy-13TZl ; 00= O U-0700 
B.e gi st r ar 1 Mar k Mo nit o r , Iiic _ 
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^51*1^1 U-^lj query as IP/hostname if- o^j^W hosts i> pUl^VI J <ul.ikU U^jI -4 

.1^4 j query as IP CxJ* if- IP up- 

WHOIS LOOKUP TOOLS 

Jc JJa ^^c. j^ij L_a jjoj .Whois <-<i^ ^ CjU jlx-d ^LjloiV (jjjuJI J *L^il<JI djl j^Vl ^jaxJI cilU& 'Smartwhois ^ 

: JU1I jp^l 

Countrywhois ■ 
http ://www.tamos.com j^JI 

(log file) JauJI l^al^lui! Countrywhois .IPu'j^ Jt>9^ ^ ^Countrywhois 

. IP(j^ J^- UH^I ^ J du£ bl ilia 

.c_jjj3I j^jui J diaal) (jjjia u^j lUs JIj^ .2013 jAj ^ ^ a£3U3I 4£jj^I (jjj^ b& jU.j1i..>1 *j ;4ia jzAa 

LanWhoIs ■ 
http ://lantricks.com j^-^ll 

(Jj^ > uj ^j* t^jjl t^j^ ^-^i Jc- <i3jcLaaj ^c^U^JI li& .djjjjVl a£jjoi Jc ^jjlixJI j ^jj-d jjll <J CjU jix-<JI LanWhoIs j^j^ 

.HTML J^ tLaall J <^USa fcSllS aJ -( 3^V Cjflj J 

Batch IP Converter ■ 
http ://www.networkmost com j^^J! 
'Batch Ping <Domain-to-IP Converter o£ ■ IPojj^ cAS^iil sbi jA Batch IP Converter 

.IP-to-Country Converter JS* j j J Connection Monitor j 'Website Scanner 'Whois 'Tracert 

.^j^ > ^ j (jj-<i jjll ^UuujI a^i\1 jl j] jp q±i\ jjc ^jc diaJlj till ^ajujj 

CallerlP ■ 
http ://www.callerippro.com j^aII 
jj CiLkjl ^1 SjjL-all j sjjI jll JL^jVI o^^s yr^ (Ports) j IP ^ J ftl^l (JjjUjjVI ^ CallerlP 
Whois reporting features s j^j^ ^ IP ols^ J^»i c> t*U <j! U£ B t*L ^-aUJI 

^c-fljj j^Jj ^lijl j (JU^jVI ^ ^ ; 1 w Ui^ ^ jjj^IVI -^>^ u^j^- IP <Jj> > >1> ^ ^lj u^^^ lS^- 0 cIjUjI > ^i^j 

Whois Lookup Multiple Addresses ■ 

http://www.sobolsoft.com jj^^> 

j * whois-search.com<whois.domaintools.com ^ ^ i> ^b^" J IP u^j^ J^M 
lP 3 ^ -c^Ij^I ^ c> ti^VI tcli^JI cjUL^ ^ delay period ^j^ ^ v^ .. i*N .whois.arin.net 

>C5 j^aj c aL> ^cjllill hq^l till ^JoiJ La£ .l^l-a cJ^ cJ^ 3 ^ j IP U^J^ 

Whois Analyzer Pro ■ 
http://www.whoisanalyzer.com j^^Jl 
^jujI t^ixijJ! <il3U ^jujI (jiajc <lj t^lUJ! ^L^Jl £1*^. J 4_l^jab<JI ^ixijJI Cjlaliaj J CjU jlx-d Jj J ^ ^ajujj StaVl oi^ 

.html J^ ^^UIojVI Jai^. jl <^Uia Jc; ^ jSjj ftbVl .^Ij J sbVl ^ S^^*l<» 

Hotwhois ■ 
http ://www.tialsoft.com j^^Ji 

^jjjUc j 6 (JL^jVI l-sjIa ^Isjl (jl 4_jj-i<J! tAJjJI 4 AA\ JiLd 6 CjU jls«-<» (jc t &ju^j ^ji (j^j jll IP ^fjj obi ^Hotwhois 
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^ jill u^j^ f ^ *lS? uiaII j] WHOIS cjIj! uilujl Ljijj <jl iilj£ <lj shVI ~t laJLuJ ; .IP ^jjjUc ^jc Whois j^*-* 

cilLj V -ol c^l particular domain 

ActiveWhois ■ 
http://www.johnru.com 

mi jiA j^3l jl IP (jjjUc L_jL^j^al J ja. djUi jlx-a J jj^aaJU till ^ajujj ^jI! diLa jIscaII ^^ic ^jta ^Ujj Active Whois 
.O^j^j (j^^^^l^ ; (j^aLaJ! IP ^jjjUc 6(^131^13 Aj^j^JIj <-i> kill ^1 jjoi ^jjUxJIj ;^L1I .ipaj Liajl tiij£ sj 

WhoisThisDomain ■ 
http://www.nirsoft.net : j^aJt 



m a\-\ uiaII (JjLg jJI J ja. diL* jlx-aJ! ^^Jc J jj^aail cil^cLaaj j j^ll dj^j^ > >n ^jc L_ la^ll ^nlaj WlioisThisDomain 

■ U^ J 1 ^ (Jj> > dj^lajaj (^ic *LLg (Jj^aajj La <L^)laJ \\ Il01S ^'■^-^ -W^^ UJ^ ^ 

.country code domain j generic domain t> l£ y> 
WHOIS Lookup Online Tools ■ 

I^Vla whois ^1 cs^J 4^f^l C5^* UJ^ cs-^ <*-ilj^VI (j^asu <ajLuJl CjIj^VI Jl 4iL-bVtj 

Smartwhois available at http://smartwhois.com 
Better Whois available at http ://www.betterwhois.com 
Whois Source available at http ://www.whois.sc 

Web Wiz available at http://www.webwiz.co.uk/domain-tools/whois-lookup.htm 
Network-Tools.com available at http://network-tools.com 
Whois available at http ://tools.whois.net 
DNS stuff available at http ://www.dnsstuff.com 

Network Solutions Whois available at http ://www.networksolutions.com 
WebToolHub available at http://www.webtoolhub.com/tn561381-whois-lookup.aspx 
Ultra Tools available at https://www.ultratools.com/whois/home 



(dtjS Sl^^S) o*Ll JjLttll f>\3ii J WHOIS 

d^^jQ CjLg jla-G ^1 <J jj^ jll Ul ^jjj WhoiS (jg& .Whois J ^-^k (J 4 > ^>l CjLg jlx-a ^-^1 l^ial l^a. <JaJjudJ aLjujj 

C5 lc ^ jJaJ La Sjlc c _^j3I jL^ajVI djLa jlx-<ij^£)NS) S-LajoiVI ^1 ja. ^ (JajoixJl .Jjau ^.UujjI jl IP (JJjUc i^Ui Iaj Ua^A J ja. 

^jfl (j^^a (JC- ^»*laJl ~i laJLo:V <L^)ia Jajuijl tillil .LjJal jjs! ja. ^1 (Jj^aiil (Jjt.uuII ^Uaj whois V .L_fljlA ^Sjj (jl J^C 



$whois©target_domain 



whois 

Usage: whois [OPTION]... OBJECT... 

-1 one level less specific lookup [RPSL only] 

-L find all Less specific matches 

-m find first level more specific matches 

-M find all More specific matches 

-c find the smallest match containing a mnt -i rt att ribute 

-x exact match [RPSL only] 

-d return DNS reverse delegation objects too [RPSL only] 

-i ATTR[ , ATTR] . . . do an inverse lookup for specified ATTRibutes 

-T TYPE [ , TYPE] . . . only look for objects of TYPE 

-K only primary keys are returned [RPSL only] 

-r turn off recursive lookups for contact information 

-R force to show local copy of the domain object even 



https://www.facebook.com/tibea2004 



78 



ia : ~# whois syngress.com 
Who is Server Version 2.0 

Domain names in the .com and .net domains can now be registered 
with many different competing registrars. Go to http : //www . inte rnic . net 
for detailed information. 

Domain Name: SYNGRESS.COM 
Registrar: SAFENAMES LTD 
Whois Server: whois.safenames.net 
Referral URL: http://www.safenames.net 
Name Server: NS . ELSEVIER . CO . UK 
Name Server: NSO-S.DNS.PIPEX.NET 
Name Server: NS1-S.DNS.PIPEX.NET 
Status: clientDeleteP rohibited 
Status: clientT ransfe rP rohibited 
Status: clientUpdateP rohibited 
Updated Date: 15-dec-2010 
Creation Date: 10-sep-1997 
Expiration Date: 09-sep-2015 

»> Last update of whois database: Sat, 08 Mar 2014 19:12:21 UTC <« 

I 

NOTICE: The expiration date displayed in this record is the date the 
registrar's sponsorship of the domain name registration in the registry is 



host j-**^ ~ ikludj c_a jjoj tJaia ^jujVU DNS ^ .DNS ^ o^ 3 ^- ^^^l ^^jjj c — ji*-*^ Jj? 1 ^ 

.IP (jJjU^ *Ujtfl ^tti 

whois * ^ f s * s *^lc <J>ujjj L_a jjoj .ip <jl jjc cJIaj] <lj ^1 t^jUaill ^joi! cJ^-^j c>° .^u&rJI i— l^j cAjLac. ^^Whois ^ 




ia:~# whois 173.194.39.18 

# 

# ARIN WHOIS data and services are subject to the Terms of Use 

# available at: https://www.arin.net/whois_tou.html 
# 



# 

# The following results may also be obtained via: 

# http : //whois . a rin . net/ rest /nets ; q=173 . 194 . 39 . 18?showDet ails=t rue&showARIN=f alse&ext =net ref 2 
# 



NetRange: 173.194.0.0 - 173.194.255.255 

CIDR: 173.194.0.0/16 

OriginAS: AS15169 

NetName : GOOGLE 

Net Handle : NET - 173 - 194 -O -0 - 1 

Parent : NET - 173 -O -0 -0 -0 

NetType: Direct Allocation 

RegDate : 2009-08-17 

Updated: 2012-02-24 

Ref : http : //whois .a rin .net/ rest/net /NET -173 -194 -O-0- 



Ujk* & &3**ft\ V**) DNS FOOTPRINTING-7 



^1 (Jjj- 1 c ^ * ^ DNS Footprinting yr*j _^Uai~VI 4_iLc J_l ^ j_l ^ jy\ Ji_j 

._Ui cj! jjVIj DNS ^ 

DNS ■a^ V " ^ 

^U_jjI *l<^.jj 4jUr. ^jc <U jj_ia3I DNS ' jj - ^ o£ ■ l - — J-^V^ J ^ ^ ^y* lS^ ^ ^.uLuil (jj— ^ 

j J L_ a L cjVI u 1 ^ c* -74.125.95.105 t> "google.com" J ^ cV-Vl < .IP otj^ J) 

.4^jj3I <iLc; iiiiil t a^v^li J^j <jt£ DNS .o^*-^ 



https://www.facebook.com/tibea2004 



79 



t^j^ > ^> cJ^^ d**^ DNS lI^-I . K^ U1 J ( ♦ 1 J in ^ j J] a ~'^ J^l DNS J^ J^ f*<s ^ j/i^ ^ 

Jc <J jj^^J! j 4^!^ klujVl i— ua ,1^j£jjoi Jc j!i jjj^ <J£ ^j-a <J <JALaJI jA\ ^jujI j XP (jjjUc uj-^ ul 

Jc j& j' -C-^ l)^ J 4-^iil j Jc j& a£jjuo13 DNS J] lW-^I <J jft 

<LA£ Jc ^ jl^j Blueprint ^Ual^L-aJI 4<ULaJI J <j£J .c^^JI <LaJaiaJI ajlu Jc ^ jiiaJ blueprint diUak»^ 

,Ua^A Jl ^ <UJJ jll L_flJjJaxJl e-Lajoil j 4_ilkUl JP ^jjjUc (j-a 
t . Ujuj C*lU& 4L_l&i3l ^a pic j <j| ( . utaJ # L_fl^Jl Jl a\W Jill IP (jJjLc £-aa> ^— lLa £-aaJ AjjoUjJI jj-£al_l*Jl JlaJ j jSilJ 

I aiaj JaxJI Jl cjUSLJ! £>i& CjVUJI lj* J 1^ <*la-a <ul DNS J^ uj j^j^ l^-*J 
.4»j3aJ ^ <J lij ^1^1 V -ul [if it isn't broke, don't touch it] o*^3 V ^ ^ lit" 
IjjUkj ijL^VI i> J .^j^j ^Jtj DNS f^j^ uj^^j uW^I i> J * yr*^ [admin] <£f^l Jj>** u) 

4 -n. jj LaLaJ 4 J^ q Q 3 V LaLaJ £J>a]| lAA JaUJ 

_^jJa j3 t . ujujj ^llj > ^ (J^LuLaJI JaL <j^aLaJI DNS ^J 1 ^^ 

Sj^VI cAjjjaJI ^jojIj ip jIjjc Jc ^ jlaj [record] ^-j^^JI c>» a 1>.>!>. » Jc ^ jlaJ DNS ^ j^^" s- 1 ^ 
^iij .4Jj)>a2I jl load balance lS^ c> J (multi DNS) S^^Ull DNS c> >^ ^ .o^ j^W cr 131 
[zone transferee]^^^^ ^1 nnl S^lL ^ ^li a£jL1a3I AjLar, .CjLa jIslaII J^liil <1loj j <j>1^j DNS 
c5>Vl DNS J^j^ DNS ^ ^ 'AXFR ^ 1^11 jUj jllj 4 (zone transfer) 1 ^^^ ^LLi 
6 (zone transfer)^^ cJ^ ^bl J q^^U jjc. L£ lil J^ >( jli j Jc ^HJU S^^xlaJI DNS ^1 4)\a*\\ e>'^ ^jau'^aW <J£ Jl 

.LLaC ^jUaj (j-ajJa ^Sj jll DNS ^1 (j* (j^^ ^ ^ ^ 

EXTRACTING DNS INFORMATION 

Jl j^3l ^UjujI Ja^s 6 1a DNS Zone .DNS Zone £A&# J J^ J>^JL ^ ^u^DNS Footprinting 
J^ DNS Footprinting ^ ^bL ^1^31 ciu^ JL^il Jj^ j^lj IP Jl ojj^ j j^j^f^^ ^^^jDNS 
^j^j] lJ^JI a£jj^13 DNS J W*-^ ^ ^l^klojl ^ij . DNS J ji*-aJI J^ J jj^JI lJ^JI JL^jVI 

.CliLa jlx-aJl ^j-a J AjC-Lal^VI ^Lajli^Jl dlLa^Jfc tilli j A£jJo3I J (KEY hOSt) (j^i>-'^j3l jjjjjJaxll 

C5^'j www.DNSstuff.com ^1 j^Vl c> <^ ^ ^^^1 c^j^ j& jl jSaj DNS Footprinting 
^jjj du£ lil .tiSA j <Whois Lookup < DNS Lookup < <i^JI ^jJI ^1 ' IP^jLc Jia DNS Jl ^ -^ Luj| 

,IP Routing J ^La^JjabaJl 4 (IP range) ^ Q laJLuiASI IP Jl ^JjjLc (jUaj ^l^pJLujI ^j£-a>Jl ^j-aa 4^jjoJI (J j^. CjLa jls«-a ^-a^. 

<J jj^^JI cililc cJ^-^l 6 DNS zone^— 5 ^^ l!^ u^j^*-^ j^*JI jl 6 f^J ^j' ^ ^ j^*JI ^-^>-^ l_a^JI a£jjoJI cjjI£ lit 

.dll j^VI (j-a <C j-a^-a S^oLoiaj DNS <J CllLa jlx-a Jc 

^ >- DNS Jl ^ u 'DNS (DNS Interrogation zone) DNS m> ^> f I^^W fiUiuil JL* J j 

cjU jlx^l ja jj (DNS record) DNS ^h^. ^^Jl DNS J ^ jJ«^ J^ c# j 1 ^ record stricter **U ( .u^" > n J 

; JVI^ (record) ^-j^^JI ^1 j^JI ^jjj jA\ J ja. ^-al^JI 

.(host's IP address) uL ^ lt j^liJI IP ^Ij^ J! j^y [A] - 
.(domain's mail server) l^j^W -Mj^I Jjj^V ^J^' cP' JiAl [MX] 
.(host's name server) <>*j^W ^A>^l uL^aaJI ^laJI Jl jjAj [NS] 
.(aliases to a host) <>*j^W ^Mj^Ij ^^1 SjUl^) f UyiSfl Jl [CNMAE] 

.(authority of domain) cr^j^l ^ j^e [SO A] 

.(service record) 3 Um^ l cjUjSJI Jl [SRV] 
.(IP address to a host name) DNS & cr^l ffiUiyiVI ^ f ^iyfij (>»j^W u^^l IP C^J^ [PTR] - 

.(responsible person) l^j^aJI J) jj^j [RP] 

CPU J J;«-uuJI j»Uaj ^ ^Lq jJjla Jia Lf ^al Jl ^ J^W J- 4 ^ ^^1 Sjf^^l CjU Jsla Jl jj^jj [HINFO] 

.(HOST information record) t^Aj f ^ i ^l l 
: JVli DNS RECORD ^ f iUl^l lJL JUj) J ^^klu^JI cjIj^I 
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http ://www.dnsstuff.com 
http://network-tools.com 
Ping - nslookup - dig 

http://www.dnsqueries.com f\^J^ (Extracting DNS information) DNS ^Ujk* ^IjH^I ■ 

t*U ^xuoij sbi jiixj ^1 jhttp://www.dnsqueries.com <-yjll g j* JjjL DNS cf- P b1 

u j^^ Cf- 6 jW^ (dnsqueries.com) J^* lW^ ^ o^j^ ^ l£ .< <j > ^ t ^1 ^DNS i> i^iL 

^ji> ^j^^ (DNS (Domain name system))j (www.dnsqueries.com) JH*1I lW^ ^ (hosts) 

. TCP/IPJ y jjJI {S JL^jVI flJ IP jIjjc < \u>y<\\ fJ\ jl o^j^l 
■SOAj CNAME 4 AAAA< MX' Ji* DNS <SV" £jJ j^lS A ^UiUlu.Vt <> ^Ua 

^1 JU^L ^ jSj .{Sj^II lifrj ^UJI c_jjj3I aj^l^x o^j^ ^ . Enter ^ Uir^W ^http://www.dnsqueries.com 
J^dl sbi jjl! (jja jSjIj (Microsoft.com gij* ^ ^) Perform DNS query JSaJI J ^jj ^\ 

-g Jti]j ^^a^ L£ Microsoft.com DNS cjUjI** o^j^ -run tool 



DNS Query Utility: g 

wvwv.dnsqueries.com en/dns_query.php 



25 November 2009 
Fixed bug "style not 
defined" 

tE6 users can now be free 
from annoying popups! 

16 October 2009 

IE Toolbar released 

After more than a month of 
devetopement we have just 
released the new toolbar 
version! 

6 October 2009 

The toolbar goes 500 

Statistics told us that our 
toolbar have more than 500 
active users 

14 September 2009 
New smtp tester 
version 

We have just released a new 
smtp tester version! 

11 September 2009 
New improvements 
released 

After 24h from the deploy of 
DNSQueries.com v2 we 
have released a few 
improvements to the 
interface 

10 September 2009 
New portal released 

life did ft again 




150 Jl 



This tool is very useful to perform a DNS query on any host. Each 
domain name (Example: dnsqueries.com) is structured in hosts (ex: 
www.dnsqueries.com) and the DNS (Domain Name System) allow 
everybody to translate the domain name or the hostname in an IP 
Address to contact via the TCP/IP protocol. There are serveral 
types of queries, corresponding to all the implementable types of 
DNS records such as A record, MX, AAAA, CNAME and S0A. 



kj Perform DNS query 

HostName: 



microsoft com 



Type: 



4 



Results for checks on microsoft.com * 


Host 


TTL 


Class 


Type 


Details 


microsoft.com r j 


3600 


IN 


A 


65.55.58.201 j 


microsoft.com r j 


3600 


IN 


A 


64.4.11.37 ^ 


microsoft.com r j 


167008 


IN 


NS 


ns2.msft.net 'j 


microsoft.com r j 


167008 


IN 


NS 


ns1.msft.net j 


microsoft.com r j 


167008 


IN 


NS 


ns4.msft.net \j 


microsoft.com r j 


167008 


IN 


NS 


ns5.msft.net ) 


microsoft.com j 


167008 


IN 


NS 


ns3.msft.net | 


microsoft.com r j 


3600 


IN 


SOA 


ns1.msft.net msnhst.microsoft.com 2014030102 300 600 2419200 3600 


microsoft.com r j 


3600 


IN 


MX 


10 microsoft-com.mail.protection.outlook.com | 


microsoft.com r j 


3600 


IN 


txt 


FbUF6DbkE+Aw1 /wi9xgDi8KVrllZus5v8L6tblQZkGrQ/rVQKJi8CjQbBtWtE64ey4NJJw)5J65PlggVYNabdQ= = 


microsoft.com r j 


3600 


IN 


TXT 


v=spf1 include:_spf-a. microsoft. com include:_spf-b. microsoft. com include:_spf-c. microsoft.com 
include: spf-ssg-a.microsoft.com include:spf-a. hotmail.com ip4: 147. 243.1 28.24 ip4:147. 243.1 28.26 
ip4: 147. 243. 128.25 ip4:147.243.1 .47 ip4: 147. 243.1 .48 -all 



Google 



AdChoices D> 

► Test Reverse DNS 

► Check DNS Server 

► Domain DNS 




Best DDoS Detection 

prolexic com/ddos-detection 

More Knowledge, More Experience Largest Security Operations Center 




WphPartnpr<: 



Ping SlAl ^l^lwb m 
t-J&V Ai sbt .packet Internet Groper -S jU-aS^I j& :Ping 



J IP ji^ JL^iV! c> J^il! j o^il! o^j^^ji (LINUX, MSDOS, UNIX j-l jV! jk* ^ 
jW ? j*> c> pi n g J**\ ^ .TCP/IP Jj^jj J ji Router jl 

^4 ping >*Vt ^ 

. (loopback)s^^ ping >*Vl ^^^1 .4 

J jl) ^ ^uii ^ penetration tester c> ^-^^ ^ ^""U .c5 cjU jixJI o^xjj (frame size) ? 
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?ping j^Vt J-axj uL£ 

4-^b*Jl ICMP (Internet Control Message Packet) JjSjjjjJI ^l^l^U (IAjLjII ^> <u JUJ J^U <> ping lUs 
4_iLc J^U <>j .(ICMP response) ^M^II c> ^ J j^i] jlkuVI ^ <>j (echo request packet) j^Vl 

L_fl^su j ^^Ic <J jj^^JI ^--O^ lB-^jI £y* f i^LudAll Cja jll (JjAjS c>5 ic lIaxj ping ,>*VI cs - ^ J jr jUaliVI 

B l^j|jSa ^ <*j*> J\ iS^k ^4 f j^jround-trip time ■> 

.j>^ command prompt (cmd) J^' fj* ping ^ Jli« 



Microsoft Windows [Uersion 6.3. 9600 ] 

<c> 2013 Microsoft Corporation . fill rights reserved. 
C : NllI NDOUS\systen32 >pinty www . cert if iedhacker . com 

Fincyincy www . cert if iedhacker .con [202.75.54.101] with 32 bytes of data.: 
Reply from 202.75.54.101: bytes=32 time=680ms TTL=112 
Peply from 202.75.54.101: bytes=32 time=396ms TTL=112 
Reply from 202.75.54.101: bytes=32 time=394ms TTL=112 
Reply from 202.75.54.101: bytes=32 time=450ms TTL=112 

Ping statistics for 202.75.54.101: 

Packets: Sent = 4, Received = 4, Lost = 0 <0K loss), 
Approximate round trip times in milli— seconds : 

Minimum = 394ms, Maximum = 680ms, Average = 480ms 

C : MJI NDOUSNsys tem32 > 



>ping© www.certifiedhacker.com 



<jl lost =0 j received =4 j sent=4 UA* Packets cjUjIx^I 4 JL*jl ^ -ol 

202.75.53.101 j* j www.certifiedhacker.com J IP ub^- csj^Vl CjUjkJI UL^ UjI L^J Ji^^U 

tl^JUfljjojl ^aii ^^jII j tg-Itjujjl ^2 <^i31 lS^° ^ ^ > u jl ^2 <^ill packet 4^3^ j^*-* cs-^* J j> lA^j 

.approximate round trip times ^ 

ping gUjt Ji^i 

Ping [-t] [-a] [-n] [-1] [-fj [-i] [-v] [-r] [-s] [-w] [-j] targetname 

^jping j*Vl ^ t^jj c^^j ^j^^^ j^^^ 0^ 

IgjJa jCj CjUjU^^VI AjdatLa l^^jl lijj (jC L_fl3jJJ c _ 5 ^- 4-3 jllaxJl (jl jLoajVU j.<Uu)J ^jLj ping ^>f^ C5^^J ("t) 

. CTRL+Cf ^Ijping j CTRL+Break, 

^VIS ping j^VI 3_kJjj <!Laj jl jIaJI c> (max frame size) j& -ul^iait Liajl jI^j 



1 1 

( 



: \U I NDOUS \s ys t e ri3 2 > p in a; uww- c e r t if ie dhac ke r.con -f -1 15 00 

inging uuw.cert if iedhacker -con [202.75.54.101] with 1500 bytes of data: 
acket needs to be fragmented but DF set. 
acket needs to be fragmented but DF set. 
acket needs to be fragmented but DF set. 
acket needs to be fragmented but DF set. 

ing statistics for 202.75.54.101: 

Packets: Sent = 4, Received = 0, Lost = 4 <100K loss>, 



:\WIND0US\s 



;tem32> 



a!^J\ ^> Ajj^i <4ia ^jjj <j( is j*i [Packet needs to be fragmented but DF set.] <Jl^JI ^ ^^S^l -ol ii^^U 

Ajuz LjJajl lixi^Jjajlj dljU 32 (^^jJaljIiaV! ^ ^ Cilia <L^)Ia ^jc 4_lLai^)3! ^ a -Ij^J clA^ ( — 1) ^ I^A^LujI Cilia. lA jJxj aJj 

1300 ^ u^j Wj^ j^-^ jVI 
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1 1300 



1300 bytes of data: 
112 




1300 j 1500 Ping ji clA^ J^jll ^ > -aSl q\ tilli ^ ^ninni <ULu.j_l JLujjU ^li <j| 

:jM£. 1473 m 1500 j 1300 <> jVl JjL-j 




US\siFstem32 >ping www - ce 

www .cert if iedhacker.com 
eeds to be fragmented b 
eeds to be fragmented b 
eeds to be fragmented b 
eeds to be fragmented b 

tistics for 202.75.54.1 
ets : Gent = 4, Received 

US\s ostem32> 



> i n *j hj\f 4 ti . cc j*t if ± o <J ha a he i- _ c o m I" 1 L4^ 




:^VU 1472 J^-jVI <^fl <J <Q iaJ 



Hinq inq «jwy . c ert if iedhac ker .con 1. 5£ M _£ . Vb -. b 1 » 1 (41 1 wit ft 14Vi! bytes of data 

Heplv from 292 .75 .54.101 = bytes. =1472 tiiw=3S9mi; TTL=114 

rtc t> lv f_-*jim .54.181: bytes-1472 t line -328ms TTL-114 

fieply fron 2B2.7S .54.101: byt#«=1472 tine s 282ns TTL=114 I 

Reply from 292.75.54. 1 01 = bytes =±472 t iwe =3 1 7ws T TI_ =± 14 | 

Plug statistics For 2 02.75.54.101: 

Packets > Sent — 4, Recciucd — 4* Lost — 0 loss>, 
App^oxipia^te paund tpip tines in nllli-secoriils : 

Mininun = 2fl H , Max imiirn = 359*i«S4> fluerfl^e = _l-i*?n_F. 



.1472 j-^l 1^-! ping >«VI Iflw jj ^Ul 4_1Luj jU ££aa j&\ lit JLw jVI ^ ^aJ 4JI Life __aJ 

.(-1) Life (frame size) <UjaJt/4JLui j]| ^ 4 ^-.^It 4jL<____il <_jl ___>J 
^Uui^b p jij router <^ j*M ^ J! ^ A (Time to live) TTL ^ (FRAME) P >ll 5^ 

.(loss of packet) <*>^ ^aj^^ ^ 

TTL £-ia j ^ ^AaJLujJ ^j__al <_5-i*-^ ^Ij^lU 4jaitLi j ^3^" ^jla^t ^A__J ^^jll j (-|) A *us-\\\ ^\^1ua\ Uiajl {j^J 

.4 c_T^ J-***-^ *---*_.! Cilia AluJj>Jl ^ j__Jl _}__C ^ " C5"^J ("tt) ^ ^ iklu.! L-_aj| (j^-AJ <J-^ 

:c5 jV1£ o&J ^ ping j*bU UJ! <i^_SI 
ping [ -c count] [ -i interval] [ -1 preload] [ -p pattern] [ -s packetsize] [ -t ttl] [ -I interface] [ -T 
timestamp option] [ -W timeout] destination 



: ping www .goo gl_ e . c o m 




















PING www . googls . com (173.194.113.144) 56(84) 


bytes of 


data . 












64 bytes from hamO2sll-in-fl6.lGlG0.net 


( 173 


. 194 . 


113. 


144) : 


ic mp req 


= 1 


ttl 


=45 


t im 


e=868 ms 




















64 bytes from hamG2sll-in-tlG.lelOO.net 


( 173 


. 194 . 


113. 


144) : 


i c m p re q 


=2 


ttl 


=45 


t im 


e=1184 ms 




















G4 bytes from hamG2sll-in-tlG.lelOO.net 


( 173 


. 194 . 


113. 


144) : 


ic mp req 


=3 


ttl 


=45 


t im 


e=129G ms 




















G4 bytes from ham02sll-in-flG.lel00.net 


( 173 


. 194 . 


113. 


144) : 


ic mp req 


=4 


ttl 


=45 


t im 


e=15G3 ms 




















A C64 bytes from hamG2s 1 1 - in - f 1 G . 1 e 1 GO . n^ 


- 1 ( 1 


73 . 19 


4 . 1 13 . 144) 


: icmp r 


eq = 


=5 ttl = 


45 t 


irne = l 1 G 1 ms 




















www.googl_e.com ping statistics 




















5 packets transmitted^ 5 received, G% packet 


"Loss 


r time 6672ms 










rtt min/avg/max/mdev = 868 . 6 G 3 / 1189 .831 




. 831/ 


209 . 


613 ms 


r pipe 2 










^ ■ 
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Table 5-1. Command Line Switches for the ping Command 


OWIICII 


Effect 


-c count 


Send only count echo requests before exiting. 


- i lntezrva.2. 


Pause interval seconds between echo requests. 


-w timeout 


Exit after timeout seconds have passed, even if all echo replies have not been received. 


-b 


Allow the specified address to be a network or broadcast address, effectively pinging every host on the 
specified network. (Only available to the root user.) 


-f 


Ping flooding. Send echo requests as quickly as possible. For every request sent, print a " . ". For every 
reply received, print a backspace. A resulting progression of periods across the screen implies packets are 
being dropped by the network. (Only available to the root user). 



till ^joaj fping j^Vl .^aJj <^[host] 1 * a j 1 u a lj* (j&aJil] ICMP ^ i^l^Ij till ^jujj <il j& ping j*Vl ^ 

IP CtiJ^ ^jjiiijJaxJl ^.UujjI <j c qU d^IjS Uiajl cill ^jjj c_fl jjoj .^.1 j ^1 ^l>laJ uAj [multiple llOSt] >>^^1 (j-a ApaJl 

i^JUll ^UjI JjjL j& ^ ICMP swap d^ul fping j*Vt ^l^i^V .ICMP echo requests^ ^l^kl^U W^jjj 



fping-asg network/host bits 
fping -asg 10*0*1*0/24 



: # fping -as www .goo g~L e .com 
/ww . googl e . com 

1 targets 

1 alive 

© unreachable 

© unknown add resses 

G timeouts (waiting for response) 

1 ICMP Echos sent 

1 ICMP Echo Replies received 

© other ICMP received 

135 ms (min round trip time) 
135 ms (avg round trip time) 
135 ms (max round trip time) 

G . 136 sec (elapsed real time) 

: — # | 



nslookup SUSft ■ 

j£\ qku'^aW < <Vv^ J cj^Uuoj J jj^JI Ujjj DNS ^jI^ t> pi*lo£U 1^1 jlaj sbVl NSLOOKUP 
.Windows J^it fUail J ^ j U> ^SiA cjI jl^l ^> NSLOOKUP ^ ^ <Jc> ^ 

m i£l <j^alaJi Jj» J laj CjUj^a j- ^ Lajb <x^Jj>» < . LaJ t JjxJall <■ fllla a JJJ !^ 4jjLu» <LjlaJ J-<i*J NSLOOKUP 

<j-aLaJt IP jl jjc jL^j] ^£ Al £tJJJ ^ilt j (j^t-d Q±A IP jl jjc J jj^aail Ajj^al j^ll Jj3 nslOOkllp SbVI ^I^IojI 

j-dVl ^b^luiU DNS ^ ^.rlui^U ^jj^kVl (jJ-d^JjouJl AlSj L-Jxj> AS\ j A (J^a^jaJU 

j;'^ o <iila jj 4 DNS ^^^J cJ^-^- cl>^ ^^^Vl c5^>^^^ J^^^)^^ 4_iLgjlI Sl£La^ ^>f^ J^^^)^^ ^ (j^lislooklip 

.zone proprieties' ^M'^ c> cjU^SI JS* ^ ^ jjlS jj^ u' [penetration tester] (jij^VI 
^jc J j » ^H nslookup j-aVl ^l^i^l c> o^W^^ t 1 ^ ^ .zone transfers ^L^JI ^ jlrk ^j^i .zone transfer tab 

.DNS f^iJ ^j>^ ,Wlt cjU jlxJ! t> %jj ^ jajj J NSLOOKUP A (zone's record) c^^J 4^la 

^UjJ! ^iLuj Ujl <LLouj ^ liA .[interactive mode] J^\^\ ^jll ^ c^ 31 > NSLOOKUP 

c^(terminal) ^ Cy* NSLOOKUP ^b^iuiU i^j >^ J^xj ^ ^ ^ Vji 

:nslookup ckj^ c> Jj^^^j ^ command prompt jl 
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Command prompt in windows 



= \UI NDOUSSsyste 
ef ault S e i- *j e i- = 
ddress = 192.16 

* Pie lp I 

omnands : < ±cle 

ft ME 

AME1 NAME2 

e lp or- ? 
e t OPTION 
all 

[no Idebug 
[no ]d2 
[no ]def nane 
[no Irecurse 
[no Dseai-ch 
[no ] v c 
domain =Nfl ME 
srchlist =N± [ 
root =NftME 
i-e t 1- v = X 
t ime o Lit =X 
t ype =X 
Oft , S RV > 

queryt ype =X 
c las s =X 
[no ]nsxf r 
ixf i- *j e i- = X 
erver NONE 
server NftME 

S° Copt □ DOMfl I N 

— a 

—a 

— t TVPE 
TR etc _ > 
iew FILE 
xit 



ri3 2 >n s lo o l<Eup 

U n Kn o wn 
8 -16 _ ± 

ntif iers are shown in uouerca.se, C □ means optional> 

— print info about the host/domain NftME using" def ault server 

— as above, but use NAME2 as server 

— print info on common commands 

— set an option 

— print notions, current server and host 

— pi- in t debugging information 

— print exhaustive debugging information 

— append domain name to each o;uerv 

— ask for recursive answer to o;uerv 

— use domain search iist 

— always use a virtual circuit 

— set defauXt domain name to NftME 

/N2 y _ _ _ /N6 1 — set domain to NX and search iist to Nl , N2 , etc _ 

— set root server to NftME 

— set number of retries to X 

— set in it ia 1 time — out intervai to X seconds 

— set query type <ex _ ft , ft ft ft ft , ft +ft ft ft ft , ft NV , CNft ME , MX , NS , PT Ft . 

— same as type 

— set o;uerv cXass (ex. IN <Internet>, ftNV> 

— use MS fast sone transfer 

— current version to use in IXFFt transfer request 

— set def ault server to NftME, using current default server 

— set default server to NftME, using initial server 

— set current default server to the root 

[> FILE! — list addresses in DOMfl I N Coptional= output to FI LE> 

— list canonical names and aliases 

— list all records 

— list records of the given RFC record type <ex. ft , CNft ME , MX , NS 

— sort an * Is * output f ile and view it with pg 

— e x it the program 



Terminal in Linux 




di^JI Jl^fLual fia lJj^ < Enter £ "nslookup" -M^S ^ . J^-^l <> nslookup ^ ^ ojfc <"nslookup" j*Vl jl^L> 
server ^ Cp* ^ Aij*.* ^-^1 *j .(ISP) <*-uj^VI ^aSLqj ^aLkll ^£LJ! l ^1 j CujiiVI <^ jJI 

: JUK Jli* .-uc pUl^VI ^ Jtt DNS fili IP "server" ^> lM c^> t> NSLOOKUP 



>server©8.8.8.8 



□ ^jujVI {a\a\\ (Jjj^iii lserver j*VI ji server j*VI ^vi>»n tSjJjL^ j±\ ^L* ^\ <jc ^!>lxiaj^l! ;4iajpl a 
13 ^LaJI ^^jjal jiiaVl ^iLJI server j*VI - ikiu^j Umj aJ] cJ^-^f^ ^ILJI <jl jjc ^^ic J jj^a^il all ^£LJI lserver 



> server 

Server: UnKnoun 
Address: 192.168.16.1 

***** UnKnoun can't find server: Non-existent domain 

> server 8.8.8.8 

Default Server: google— public— dns— a . google . con 
Address: 8.8.8.8 

> server 

Server: google-public-dns— a . google .con 
Address: 8.8.8.8 

MX * google— public— dns— a . google . con can't find server: Non-existent donain 



"any" M-Vl i-lSll P bii-L any Jj type 



>set type=any 



[set type = mx]cJ j ^ u ^^ - ikiLaij ^ a^Jl a ^laidl] ^jjii^lVl ^j^i ^ <-^^ JL ^ c^^^ ^j^^ ^iLJ IP ^jl jjc JiLo DNS 
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.[>] ^M*JI U^JI c#> y&\ JLM cAJ> u^NSLOOKUP j-MJ jVl DNS j^ 1 ^ f3 



> set type=anii 

> syngress - con 

Seruer: google— public— dns— a - google .con 
Address: 8.8.8.8 



^n-aut 
jyngres 
jyngres 
jyngres 
jyngres 



horitatiue answer: 



s.com naneseruer = n 
s.com naneseruer = n 
s.con naneseruer = n 



ns0— s . dns . pipex . net 
nsl— s .dns .pipex.net 
ns.elseuier.co. uk 



;yngres 
;yngres 
yic . net 
;yngres 

i icnx . n 



primary nane seruer = ns.elseuier.co.uk 

responsible nail addr = hostnaster.elsuier.co.uk 

serial = 2014031103 

refresh = 3600 <1 hour) 

retry = 900 <15 nins) 

expire = 2419200 <28 days} 

default TTL = 900 <15 nins) 

j . com internet address = 50.87.186.171 

i . con MX preference = 10, nail exchanger = syngrei 



. con . inboundl0 . nxlo 



s . con 
et 



MX preference = 10, nail exchanger = syngress . con . inboundl0 . nxlo 



i±— s . dns . pipex .net 
i . e lseu ier . co . uk 
t0— s . dns . pipex .net 



internet addrei 
internet addrei 
internet addrei 



= 158.43.193.83 
= 193.131.222.35 
= 158.43.129.83 



i^Vl^ J*^l £ jj ^l^i^l Uj^j l<j Ua ."ns.elsevier.co.uk" a 1 * Syngress ^ i> s^l j J! 



> syngress. con 
eruer: [8.8.8.8] 
ddress: 8.8.8.8 



NS request tined out. 

tineout was 2 seconds, 
on— authoritat iue answer: 
yngress.con MX preference 
icnx .net 

yngress.con MX preference 
ic . net 



10, nail exchanger 
10, nail exchanger 



tyngress .con. inboundlS . nxlo 
tyngress .con. inboundlS . nxlo 



.iiLUa DNS MO* ' "J L$J*>\ Sj-ft timeout & l^j :4Jajal* 



> se rve r 8.8.8.8 
Default server: 8.8.8.8 
Add ress : 8.8.8. 8#53 

> se rve r 

Default server: S.S.S.S 
Add ress : S . S . S . S#53 

set t ype=any 
:> syngress.com 
Se rve r : S.S.S.S 
Add ress : S . S . S . 8#53 

Non-authoritative answer: 
syngress .com 

origin = ns.eisevier.co.uk 

mail addr = hostmaster.eisvier.co.uk 

serial = 2014G31103 

refresh = 3600 

ret ry = 9GG 

expire = 24192GG 

minimum = 9GG 
syngress.com nameserver = nsl-s.dns.pipex.net. 

syngress.com nameserver = ns.elsevier.co.uk. 

syngress.com nameserver = nsG-s.dns.pipex.net. 

Authoritative answers can be found from: 

ns.elsevier.co.uk internet address = 193.131.222.35 



https://www.facebook.com/tibea2004 



86 



^£3 <j| cilj^kj liA b aj o-aUJI pUjujVI <xJ Ja^l ^ autherative answer can be found from aJI^JI i^^U 
l— il ja. cj^j Jc <j| a^j Syngress <tic LLLuj lik^V .^l^JI 11a JIjjuj <qj 6.is£l aJ-^.1 Jc- 

s^^j .[ns.elsevier.co.uk] *^£l Jc Jj^J aJ!^ t*lia l-JL ^Ij ^^jouj jll ^SLIt W*-* DNS 

11a a ikludj l_s jjuj UjI ILLuj U1S ^ .DNS *^<^VI ^L^/^Lg ^1 [server] j^*^l ~i iklJ 1 A\«\\f~.\\^\\ \'^& J) 

^jjJI ^1 ^qU <i^)x-<J mx ^^[record] cJ^^I -^o^ ^1 Uiajl ^pajiiij .o^ji l£^I Cfr* j-^l o^- Jlj^l J ^Slxll/^jlaJI 



> se rve r 193 . 131 
Default server: 
Address: 193.131 


.222 .35 

193.131 
.222.354 


.222. 

£53 


.35 








> set type=mx 

> syngress .com 
Server: 
Address : 


193.131 
193.131 


.222. 
.222. 


.35 

,35#53 








syngress .com 


mail exchanger = 10 


syng ress . 


com .inboundlG , 


.mxlogicmx .net . 


syngress .com 

l 


mail exchanc 


jer = lQ 


syng ress . 


com .inboundlQ , 


.mxlogic .net . 



J^-^i .non-interactive mode J j\ interactive mode J nslookup ^iLc u' o*P^ 
jl 4_iUbl ^jua ^\ nslookup j*VI (Jjj^ ^ c*Ui interactive mode ^ jit J nslookup 
.(>)^UJI jj^Si j j^VI J j^ll Jl c^^jj c5^l .command prompt -SI J ip uL^ j' hostname ^i^aJI ^1 aJj ^ (-) 
^1 ^Ijjuj 4_JU3I ( yj^»3l c> c^l nslookup j*VI 3±& c&J 3 ^ ^ non-interactive mode t^jlt J ^ b» * ^ ^ 

.(IP address) ip ulj^ jl hostname ( <j > ^ t 
uj^ 5 .non-authoritative answer jl authoritative answer ^ nslookup sbVl fl^^l ^ 

^^Ui^VI <^ jj cJ^I c> nameserver *LmVl JL*j Ujal jjal nslookup ^ j (non-authoritative answer) ^ >• 
Jjj^JI Liajl .<Uc JLoij ^ill not authority uj^j (nameserver) o-^UJI ^U^Vl ^l^j a <i o^\^\ 

if- (autherative nameserver) <^^l Jl JLajl Ja (autherativite answer) <^^l J^ 

^^^IxJjujVI -IjJJ jll (jJ>»J^I ^Uijajl 

ysiAi gi^jj >vi gU^vi u 

Ai I^jLs j^Vl liA jj^ .Is j^Vl ^I^IojU [zone transfer] Nslookup ^bVl ^l^i^l 

; JU31£ is j*bU <LiaJI ^Uj jjlj .(<^jUJI j ^LkU^record) <^^^>.»J1 ^-al c^*-^) ci^b 

>ls [- a | d 1 1 type] domain [> filename] 
jlxlaixJI ^jujVI ^L^.jI Jl [-a] ^1 lS^j! .cjU»1L<JI ^IaujIj ^jjUxJI djUUj iAjla ^L^.jl Jl LjI ■ o j ^jj^j Is ^>°VI ^1.1^1^1 l^^j^ 
J) [-t] j^^j ^^11 AilS ^Ujl Jl [-d] j^l ^? '[canonical names and aliases] ^jl*^JI *U^Vlj 

.Altla jll plj^L Jaia aS jij j>JI CjI^jJoII jl ^jjjUslSI ^ j^j tiiiaj DNS J (zone transfer) AilaiJI (JSj CjULoc ^!a^. (j^j 
***Can ? t list domain example.com.: Query refused 

dig SlAl ■ 

^jij <JaLaUJ (jaiS 6 dig J-^^l lI^*^ J^Sa (jn^nl JjlxjaLill ^aUaj ^ cJ-**^ . DNScl)^ jl*-dll ^Ij^lmV A a) hr> (_^^)^.l obi Dig 



dig @target_ip 



. J^JI c> ci*^ dig 6 c5 j^' j>^l c> .^ M" tt i " c?^l J*^l IP ^ "target_ip" Jl^^l ^jj <, JUJI 
Jij jl Jl & jl^VI .(zone transfer) AiJaiJI J^ 4_iL^ J <ia J^lj nslookup j^J^ AikiJ I J^ <!jU^ 

Ai^jjoi^l £)NS * J^jj J Alklo Jij c5^JJ (j^ clA^ ^CjVI^JI (J^axJ J .DNS (j -0 6^^*^ Cj^juj t . w >A a iklujJ Aikldll 
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. (zone transfer) 1 ^^ 

IP q\ jixJl dli (j^j^l AiSal<J! Jij 4_IjL^ L^j! b) . [-t© AXFR] J^*^ ~t ikluL (Jig 4lki<Jl Jii <!jL^ UjSai 

:JU3! j-Vl u3Sj»example.com w j Jl 192.168.1.23 



dig©@192.1 68.1 .23©example.com© - t©AXFR 



bl 

r^Vt* Os«u ^ DNS l)^ ^^LuuVI ^^kluu-JI ^jiSfl jAl ■ 

DIG available at http ://www.kloth.net 
myDNSTools available at http ://www.mydnstools.info 
Professional Toolset available at http ://www.dnsstuff.com 
DNS Records available at http ://network-tools.com 
DNSData View available at http ://www.nirsoft.net 
DNSWatch available at http ://www.dnswatch.info 
DomainTools Pro available at http ://www.domaintools.com 
DNS Lookup Tool available at http ://www.web wiz.co.uk 
DNS Query Utility available at http://www.webmaster-toolkit.com 

Li£ dljj ^L/gyJt£ JjL&il ? Uaj ^ DNS CP I A^IaP ^ ^Vim^t d\ 

^uaij ^uIaslSI ^ ^IaxjI! " enumeration service" 4-*^ ^l^kiujU JjiaJI o^asu ij^ji ^ ^ 
J] ^\ j^J| ^j^i 4_jLc. ^ DNS .[DNS enumeration] DNS cAjjSj -Lalj^ ^ Jai <Jzj*j> m aS^S\ ^ CjU 

^UjojI j ^j^^klaixJl pLuJ JLa <-<dai<Jl (jC dlU jlsuall U3 £C*juiJ L_S jjuj DNS fi^-M 4 aU\a\\ DNS t— iVt^jj DNS 

JxiS uL£ .bS* j tip cjjjUc t jj j^ill Sj^i 
DNSwalk *U*i ■ 

s^&lS <> (i^jjj <Aaau*J! o^j^^ i> (zone transfer) AikiJI cjLLc. ^ .DNS database debugger ^ 6 ^ 

.[dnswalk©3.2.1.in-addr.arpa.] ^^AxJI o^j^^ j' .[dnswalk©podunk.edu.] ^ o^j^^ ^1 ^ ^^i^i 

:dnsenum SUSfl ■ 

JU^jjII ^ cl^j^ 3 Cf- sbVI . Jj^ ^^jf* j dnswalk sbV! 6 ^ 



Sdnsenum©— enum@www.google.com 



ot@j ana : ~# dnsenum — snum w 
dnsenurn . p\ VERSION : 1 . 2 . 2 
Wa r n ing : can 1 r "Load Net : : Wh o i 

www . google . com 



mama/ .goo g~L s . c o m 



: : IP mociul 



disabled , 



Host "s addresses: 



v-.-v-.-v/ .goo gl_ o .com 

www 1 .googls .com 

V-A--A--/ .goo g~L e . c o m 

o gl_ s .com 

o g~L e . c o m 



_ 



173 . 194 .113. 144 
173 . 194 . 1 13 . 145 

173 . 194 . 1 13 . 147 

173 . 194 . 1 13 . 148 
173 . 194 . 1 13 . 146 
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?dnsenum <^tj^ cjUjk^l p jj U 



. mxc5^ J ja^JI / DNS *U*>Vl ^1 j^ ^ J j^JI / (A J^ll) (hosts address) * «i > ™ti jl jjc ^ J j^JI 

. BIND^l ^ J j— j (DNS) pI^-VI ^1 > AXFR ^U3UIJ 
^l^kiujl (jjjia jc (extra name) 4_ik^yi *^^j(subdomain) <^t^VI jail cjtalkdl ^ Jjj^JI 

.(google scraping) ^^11 j^ ^iUU 
lsJ^J txt t*llij (subdomain name) M-^V' ^^tft Brute force f\mJ 

.(subdomain name) ^iLii^JI ^SLLjII *UJ <i j^J <o] jU^ (95 sub domain name) 

\ gjW whois <-~jU»^Jtlujl j C Ajill j>i a£jJo3I CjtaUaj t jm^j 



-i 

-2 
-3 



-5 
-6 
-7 



—threads [number] 
-r 
-d 
-o 



.(reverse lookup) gr"^ 1 cAAac jja2 
.txt ^ J\ gtoll ^ 
^ J-*^ U-^j Dnsenum ^l^aJLuiLj *n j^-aj <jaUiaVl dt jLaJt j^asu c*1Ua 

[recursive lookup] ^"^ l <^JI CjLLc. jA*1j ^a^j 

WhoiS J£ J-^W <*— ^ jll (ill ^ajujj 

^jui ^ jill j>» A£jjaJl JjUaj ^^ic wllOiS £A^U*ml jj£ till ^ajujj 



-w 

— enum = [--threads 5 -s 20 -w] 

.man f CjIjjjjuJI JL <^n\ 
dnsmap SUSfl ■ 

.(subdomain name) V* j^t cjISLLjII *UJ ^UjI 4j^U (dnswalk , dnsenum) u^^l jiibbU <£U^ L^l ^ 
l^l^kiujl tt^L ^ I^jUj o^j^ H ^ .(brute forcing) oh^^ 4_iLc i> wordlist W*-* yr^ 6 ^ 

.(root privilege) ls ji?JI ^vim^ l CjU^L^ jj^j 
icPVIS dnsmap J-^ jSH ^ ^V! liA ^l^l^V 



root@jana:-* dnsmap 

dnsmap Q.3Q - DNS Network Mapper by pagvac [ gnucitizen . o rg) 

usage: dnsmap <target -domain> [options] 
options : 

-w <wo rdlist -file> 
-r <regular- results-file> 
-c <csv- results -f ile> 
-d <delay -millisecs> 

-i <ips-to-ignore> (useful if you're obtaining false positives) 



dnsmap target -domain . foo 

dnsmap target -domain . foo -w you rwo rdlist .txt -r /tmp/domainbf_results . t: 

dnsmap target -fomain . foo -r /tmp/ -d 3GQQ 

dnsmap t a rget - fomain . foo -r .Zdomainbf_results.txt 



.brute forcing ^ e^ 1 ^ ^ >^ ^ wordlist j^ [-w] 
.^cjUII l^L ^ j*V! ^lajj ^ ^^ki^j regular-results-file 6 ^ [-r] 

.4 alalia <LjlaJ ^uHill Aj3 j jkj c_fl jjoj ^ill c flL&II ^ jj j CSV J jl^al^.1 [~c] 

.ajjIS (j? LJIj cdlij jrkbl! delay <^ jU^lkl ^ [-d] 
.(IP's To Ignore) o-^J! ^ Oj 1 ^ 5 ^ IP ^ IP jU^l j* [-i] 
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-2 
-3 
-4 
-5 
-6 



dnsrecon SUSfl ■ 

.(sub domain) cjtiUaill Ai^xJ brute force ~ laJLuii j ^l^ll (jj^iij LijjSj ^ jSill <LLuJ! CjIj^VI aJu^i abl Liajl ^^a 

jjj^ ^ j3j\£ JjS U jjjki ^ sbVl ^ .MX j SOA jNS J^^j (query) f!A*2J ^ sbVl lU*^ 

^ l+2li cSUVt <ti 4jU£JI ^ ^3H cjSjJI ^ 

.brute force ^l^i^U (hostname) u j^^ (subdomain) Ajal^Vl cjtitkdl *uJ -l 

(A,NS,SOA,MX) DNS ^ ^ M-Vl c^J! & d^JI ^ 

.NS ^j^^ <*^J (zone transfer) 451*1*11 JSj 
. (Reverse LookupX*^*^ 

.SRV ^j^W^ 

. JlLdjiill ^ \ $ \ ac. Aijjla ^j^i3 dilj^xjll ^ <c a dnsrecon.py j*VI (Js^A 3 sl^VI Jac Iajj 

I^Vt* CjIjjaaJ) <> jjj£J) SI ^31) Cj) j^JI/Cj) Jesuit <> 4^ j-*^aj SbSf) £t ±aJ 
^illj [-d] J^xjII ^l^klojl <jJjla jt tiUij c^^Jl (j^J^ DNS (j* AjA^jII d£Uuuill J jj^a^Jl SbVl ^l^klajl -1 

<^-J l£^J 6 ^J^ c^N lalu^VI 4_iLac ^ jj lj l^j] ^U'ij [-t] J^*^ ~ l^Loij .L_fl^Jjaa>Jl (jjixajJ! ^juil oAxj £jJa jj 

ajjVI d^->,n1l yjllj DNS p*k l> cjLLc. ^ [std] 

SOA, NS, A, AAAA, MX and SRV if AXRF on the NS Servers fail. 

-cg juj£aJl ill 4)\aC. ^^-istJ [rvl] 

.brute force <^ [brt] 
.SRV £SUu* c> [srv] 
y ^\ a*U\A\ J^j j ^jlaLk DNS ^ [axfr] 



[goo] 



TOP LEVEL DOMAIN ^ [tld] 





: — # dns recon . 


py 


-t std -d 


google . com 






[*] 


Performing General 


Enume ration 


of Domain : 






[-] 


DNSSEC is not configured for google.com 






[*] 




, nsl . googl 


e . 


com 216.239 


.32 . 10 






[*] 


NS 


nsl . google 


. c 


om 216.239. 


32 . IG 






[*] 


NS 


ns4 . google 


. c 


om 216.239. 


38 . 1© 






[*] 


NS 


ns3 . google 


. c 


om 216.239. 


36 . 1© 






[*] 


NS 


ns2 . google 


. c 


om 216.239. 


34 . 10 






[*] 


MX 


al 1 4 . aspmx 


.1 


. google .com 


74 . 125 .25 .27 






[*] 


MX 


al 1 2 . aspmx 


.1 


. google .com 


173 . 194 .69 .27 






[*] 


MX 


aspmx .1 . go 


og 


le . com 173 . 


194 .66 .27 






[*] 


MX 


al 1 3 . aspmx 


.1 


. google .com 


173 . 194 .71 .26 






[*] 


MX 


al 1 1 . aspmx 


.1 


. google .com 


173 . 194 .7© .27 






[*] 


MX 


alt4 . aspmx 


r ^ 


. google .com 


2607 : f8b0 :4O0e 


:c03 : 


: la 


[*] 


MX 


al 1 2 . aspmx! 


Cl 


. google .com 


2a00 : 1450 :4O08 


:cQl : 


: lb 


[*] 


MX 


aspmx .1 . go 


og 


le.com 2aGG 


: 1450 :400c :c05 : 


: la 




[*] 


MX 


al 1 3 . aspmx 


.1 


. google .com 


2a00 : 1450 :4O10 


:c04 : 


: la 


[*] 


MX 


alt 1 . aspmx 


.1 


. google .com 


2a00 : 1450 :4001 


:c02 : 


: lb 


[*] 


A Q 


loogle .com 


173 . 194 .45 .72 








[*] 


A g 


loogle . com 


173 . 194 .45 .68 








[*] 


A g 


loogle .com 


173 . 194 .45 .73 









dnsrecon.py©-t©std©-d©google.com (Standard (-t std)) 
dnsrecon.py©-t©tld©-d©google.com (Top Level Domain (-t tld)) 
dnsrecon.py©-t©axfr©-d©club.net (Zone transfer (-t axfr)) 

dnsrecon.py©-t©rvl©-i©66.249.92.100 5 66.249.92.150 (Reverse Record Enumeration (-t rvs)) 



fierce S^Vt ■ 
?zone transfers %Ho1a1\ JIj jA U VjI lIj^ SbSfl **** & 
is^j* 'DNS ^j^j^ <^l£3l cjU1V( j«jV j! tAi^su V j! cill cJjlL jj£ [zone transfer] ^1a1\ Jaj ^AU^aW jIS bj 
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http://en.wikipedia.org/wiki/DNS zone transfer 
http://support.microsoft.com/kb/164017/ar 



(English) 
(Arabic) 



AlSaia c kLa CjUjI^q ^cjoij ^jj ^^31 J] SjUi^U n>ij ^ikj^a^ jA ; (AiSaia]! Jj^J jl A \h\ a Jaj) zone transfer 

.<£ jS3 DNS fiU J\ <^lJ DNS ^ o-DNS 

jjUll DNS ?&*/?^ J&> DNS d*-^ ^ 

.4L-cJI Cjli DNS ^ U£ (database replication) £LuoLJ ( zon e transfer) A ^U\a\ \ o£ ^ l£*3 tl^l^l 

c^j (zone transfer) AilaiJ I Jij JjS ^ U j\ j£s ^ ^l^VI DNS ^^L AlkiJI CjUL cj! *\ U s^lc 

4_iLkUl jl A^jUJl 2<^1 J£iA jjuj 4£jj^3 kllaaali <jj^aljl3l ^jLoij ^^isu i^Aj .S-lllaSl DNS ^Wf^° L>* 

j^VI ^l^ki^U t*Ui j .www.offensive-security.com (zone transfer) a&aA\ ^1 J u^l 

j-aVI ^I^jjujU jl nslookup ikiLJ ; La] DNS ^^/^sl^ Liajl aj ^AlkixJI (JSj aJjL^xJ (jjo^jJ ^ dig jl host 

.host 





host 


-t n< 


3 offensive-E 


;ecui 


-it 


y .cc 


m 


offensive 


-security 


.com 


name server 


ns3 


.no 


-ip. 


com . 


offensive 


-security 


.com 


name server 


nsl 


.no 


-ip. 


com . 


offensive 


-security 


.com 


name server 


ns5 


.no 


-ip. 


com . 


offensive 


-security 


.com 


name server 


ns4 


.no 


-ip. 


com . 


offensive 


-security 


.com 


name server 


ns2 


.no 


-ip. 


com . 




:-f | 















.DNS pU^Vl ^Lkj q^l^W record ns U^^ki^l j ^Jki ^1 record ^ 



host -1 offensive-security.com ns4.no-ip.com 
; Transfer failed. 
Using domain server: 
Name : ns4 . no-ip .com 
Address: 2G4 . 16 . 254 . 44#53 
Aliases : 

Host of f ensive -secu rity .com not found : 5 ( REFUSED) 
; Transfer failed. 
: # | 



(zone transfer) *3Lb* lU*j U*3 offensive-security.com Cx* j^h DNS ^U^VI J 

:^Ult LjI jII SjLJ tillLaj (zone transfer) ASlaUl J1j ^ S j-uib-a ^jpLuuj jjjjUJI AIL CjLj jLuj! 4jU£ ^ j^Lui a I] 
http://www.dnspython.org/examples.html 

^ ^ jjc. [zone transfer] ^Sjaiall Jij (JIa^IujI ^jjjUI! ^i<J *^^>f^^ (j -0 C5^^ ^ (* u^jj ju ^^ ^ ^ (jli tlLLuj LLujalj 
j^jjojV 6«^aJI cijIj^Vl (j-* CjIjJIslSI tilU^ 6 [zone transfer]**-^^ <J^ lit .^-c^ 1 ^ tciUi -C5 jI cJ^j 
CjIj^xJI t*ll jajj (jl^i ^1 ^jS Jj^ ojU^j ^l^kl^VI aI^m ^Fierce .[DNS interrogation] DNS 

j*Vt JU^j^I <IaLauj <>j t^j^l Sj* ./usr/bin/ N V ^> ^Fierce ^ ^ 'c^^ cs* .^^V^ ^'^Vl c> 

i^VI <jjjla c> Vji l^jl^iLai! ^> tSlt jj tSL lU^ (CjI j^ljjj^iill j^j ^ c-ibi Uii.) "Fierce" 
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Application -> backtrack -> Information gathering -^network analysis ->DNS analysis ->fierce 

Applications ->Kali Linux -> Information Gathering -> DNS Analysis-^ fierce 

a \\i fierce ^I^Lual ^^ic tiicLuij <ULuij ^flaj ^ 

.[apt-get install fierce] if- oi* ^Ikj ^Iujj V lil l^kiSj jSaj 

c_a jjuj t^jUtll £>i& JJia <JL^ .^^xJI ^jj^j^ll [zone transfer] Aikialt <J£j JU^V aJjL^ clujj^jujVI li* 

uj^ u' clA^ ^ .^^t DNS fil* J] cjU^Ui^VI (> <c JLu, J JjjL j& brute-force host names J 

.AjflljJaj lJI^aI i_a.u£3 <jU13 4_IUi <Iijujj 
lg <oViun ^jII ^jjiijja^ll j ip (jjjUc <il£ ^^Jc <ilLk-G djLuij ^^uin ^ill "fierce " sl^VI ^ j-J o-^^i 



root@kali:~# perl fierce.pl 



Can't open perl script "fierce.pl": No such file or directory 

.fierce ^—^j^^ ^-j^ ^ ^ (bugs) C5-^ aJLjuijII .ciii^ liU» l^-i^ 



># locate fierce.pl 
locate fierce 
/usr/bin/fierce 

/us r/sha re/applications/kali -fierce .desktop 
/us r/ sha re/ doc/fie rce 
/usr/share/doc/fierce/changelog .Debian .gz 
/us r/sha re/doc/fie rce/copy right 

/us r/sha re/kali -menu/applicat ions/kali -fie rce. desktop 
/var/lib/dpkg/info/fierce .list 
/var/lib/dpkg/info/fierce .ndBsufns 

if | 



$fierce©-dns©domain name on theinternet.com 



.fierce ,>*VI ^ laJLml ^jc 4_JU3! <ULuij3! jj^-la j& <^-£ ^joij <j^asu ^fierce ^l^aJLual lie t^lLlis <j| ^ ^^lill J^UixJI <jiasu 
Okay, trying the good old fashioned way... brute force 
Can't open hosts.txt or the default wordlist 
Exiting... 

;^U3I J( l-iaIj <K J^J 

http://ha.ckers.org/fierce/hosts.txt 

J] iL^lall a ikHaLj Fierce t °j - u o 2280 ^t-^Vl ^ ojUc oi^ jl a^j < - 

.cij^l Sj-a fierce J^jj (j^ cr^^^ hosts.txt 
.<jl£-<» ^-lalaLj ^3 lij JjS Aic UaKj ^ill hosts.txt L (jl^-o ^j^j] [-wordlist] j^*^^ J ^jS^j 

(Jll^Jl ^tjU iai^. ^JJJ C^iJi L_flLJl ^ui\ <XJJJ ^aJ L_alxi Cll^Jl ^tjU ^-l^kV [-file] JJJ^*^ ^I^JjojI 
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: — # f ii 


erce -dns google. c 


om 






DNS Servers for 


google . com : 








ns4 . google .com 








ns2 . google . com 








nsl . goo 


gle . c om 








ns3 . goo 


gle . com 








Trying zone transfer first... 








Testing 


ns4 . google . com 










Request timed out 


or transfer not 


allowed . 




Testing 


ns2 . google . com 










Request timed out 


or transfer not 


allowed . 




Testing 


nsl . google .com 










Request timed out 


or transfer not 


allowed . 




Testing 


ns3 . google .com 










Request timed out 


or transfer not 


allowed . 


■ 


Unsuccessful in 


zone transfer [it 


was worth a sho 


t] 




Okay, trying the good old fashioned way... brute 


f o rce 




Checking for wildcard DNS... 








Nope . Good . 










Now performing : 


2281 test (s) . . . 








173.194.45.84 


academico .google . 


c om 






173.194.45.80 


academico .google . 


com 






173.194.45.81 


academico .google . 


com 






173.194.45.83 


academico .google . 


com 







fierce©-dns©company.com (Standard Fierce scan) 

fierce ^hVi>nV j^VI diaall c_j jLJ 



fierceO-dnsOcompany.COmO-wide (Standard Fierce scan and search all class c ranges found for PTR names that match the domain) 
(jj-ajJ! J^lsu L ^sl\ PTR frL&Jual lM^J C ^-^-^^ fierce ^^jJal jliSVI dlaJt L_J jLuj! (J^jJaJ liA 

fierceO-dnsOcompany.COmO-onlyOzt (Fierce scan that only checks for zone transfer) 

.(zone transfer) Alki^l JSj J^l q^JW Jaaa cj*^ li* 
fierceO-dnsOcompany.COmO-ztstop (Fierce scan that does not perform brute forcing if a zone transfer is found) 

A*ki* (zone transfer) AikiaH ^] brute forcing ^ fierce sbVI ^I^IojU oaailt 

fierceO-dnsOcompany.COmO-wildcstop (Fierce scan that does not perform bruteforcing if a wildcard is found) 

(wildcard) j bj brute forcing <^ <4j fierce staVl ^^-^ <>aaill 

dnsdict6 SlAl ■ 

^ jSill a!L2\ cA jjVI ajLS »hl ^ .thc-ipv6 j» THC-IPV6-ATTACK-TOOLKIT L^l Jllu shVl ^ 

£>i& A \^aa\\ CjI^cLouJI laxJ 4jI£ CjI j;nsu ^1 (jj^J <JU*jj1I ^ 1 ^^^J .DNS diLa jlx-<Jl £-<^ 

ldnsdict6 4-$auiljj I^jl a a ^jIaj ^1 CjUjLla]| 4juJa ^ Lu2 

.(subdomain)^c cjtatkdl 
IPv6 jl IPv4 *! IP u!j^ - 
.SRV - 

.[MX] ^ jjSiyi ^jJI r 3 ' > ~* [NS] DNS pI^-VI ^1 > o5Uu* - 
To open dnsdict6 go to > Kali Linux > Information Gathering > DNS Analysis > dnsdict6 

djaJxh f&i V cillil tdiljLik]! j& j^ti^ .<LiLi3! ^^ic j^-laj c _^j3I CjI jLikJI < ali^ a a^j l_a jjuj t dnsdict6^^ ^j^-^ 

[dnsdict6©-4©url] - IPv4o>j^ <> [-4] - 

.[dnsdict6©-tl8©url]32 j* 8 ^IjSVI ^ Ut ^ lA^ yr 131 ^ ^ [-tOno.] - 

.[dnsdict6©-d46©URL] DNS *U-Vt ^ ^ MX j NS o5Uu- ,> IPv4 j» IPv6 ^Ujk, [-d] - 

. SRV^^i cj^, P bi [-S] - 
. x ' 1 '^-iajuo jla m cSjjxj^a s jc oUUj ^ J-<^ jUlkV diljLiiJ! [-[smlx]] 
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Syntax : 


dnsdictG [ -d46] [ -s | -m | -1 | -x] [ -t THREADS] [ -D] domain [ dictiona ry - f ile] 


Enumerates a domain for DNS entries, it uses a dictionary file if supplied 


or a built-in list otherwise. This tool is based on dnsmap by gnucitizen.org. 


Options : 




-4 


also dump IPv4 addresses 


-t NO 


specify the number of threads to use (default: 8, max: 32) . 


-D 


dump the selected built-in wordlist, no scanning. 


-d 


display IPv6 information on NS and MX DNS domain information. 


-S 


perform SR¥ service name guessing 


- [ smlx] 


choose the dictionary size by -s ( mall =50) , -m ( edium=796) (DEFAULT) 




-1 ( a rge=1416) , or -x [ t reme=321 1 ) 



root@jana:-# dnsdictG facebook.com 

Starting DNS enumeration work on facebook.com. ... 

Starting enumerating facebook.com. - creating 8 threads for 798 words... 

Estimated time to completion: 1 to 2 minutes 

www. facebook .com . => 2a03 :2880 : f008 :3G1 : face :bGGc :0 : 1 

blog . facebook .com . => 2a03 :2880 : f 008 : 301 : face :bOOc :0 : 1 

dns . facebook .com . => 2a03 :2880 : f008 :301 : face :bOOc :0 : 1 

www2 . facebook .com . => 2a03 :2880 : f008 :307 : face :bOOc :0 : 1 

dev . facebook .com . => 2401 :dbOO : 10 :df02 : face :bOOc :0 : 1 

new. facebook .com . => 2a03 :2880 : f008 :301 : face :bOGc :G : 1 

secure . facebook .com . => 2a03 :2880 : f008 :301 : face :bOOc :0 : 1 

login . facebook .com . => 2a03 :2880 : f008 :301 : face :bOOc :0 : 1 

my . facebook .com . => 2a03 :2880 : f008 :301 : face :bOOc :0 : 1 

ca . facebook .com . => 2a03 :2880 : f008 :301 : face :bGOc :0 : 1 

beta . facebook .com . => 2a03 :2880 : 10 :8f 11 : face :bOOc :0 : 1 



4-ai\1 obVl oi* t^S . IPv6u^j^ ^ a all* - DNS cjVUj] ^ Jaj <li ^LSII ^ill jJ^\ ^IjaJ j& 

IPv4 tjd\ 



: # dnsdict6 - d 4 facebook.com 
Starting DNS enumeration work on facebook.com. ... 
Gathering NS and MX information... 

NS of facebook.com. is a . ns . facebook . com . => 69.171.239.12 

NS of facebook.com. is b . ns . facebook . com . => 69.171.255.12 

No IPv6 address for NS entries found in DNS for domain facebook.com. 

MX of facebook.com. is msgin . t . facebook . com . => 173.252.79.16 

No IPv6 address for MX entries found in DNS for domain facebook.com. 

Starting enumerating facebook.com. - creating 8 threads for 798 words... 
Estimated time to completion: 1 to 2 minutes 
nsl.facebook.com. => 69.171.239.12 j 
www . facebook . com . => 31.13.86.49 



dnsrevenum6 St-ftfl 

.DNS IPv6 cl^j^ c ' ^^^'^^ ^ > '^ r ' a-Aasl! atal ^j^t ^>f^ j ^sj^ j ^-W^ 6 ^ 

dnsrevenum6©dns-server©ipv6address 
dnsrevenum6©dns.test.com©2001:db8:42a8::/48 
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dnstracer SlAl 

(DNS) *L<^VI J>^j cj^t c> . j >1uqx1 I DNS ^ Cy* <*-f£ J sl^VI ^^kiau Dnstracer 

_CjULu1I A-iLxj ^11 -o) jaJl DNS ^1 ^1^^ ^ £Jjjj 4jU jLl* 
.^^juUJjll CjLo. jIslaII j j& CS"'^^ DNS Jl cJ^^ DNS P^Juai £JJJ <jt ^>a.l ^^-ix-AJ 

#dnstr acer@WWW.mavetju.org (Search for the A record ofwww.mavetju.org on your local nameserver) 

.c£L (j-aUJI DNS el-^Vl J!^k ^> www.mavetju.org A c> J f ^V: 
#dnstracer©-S©.©-q©mx mavetju.org (Search for the MX record ofmavetju.org on the root-nameserver) 

[-s] .(root-nameserver) pU^Vl J mavetju.org u^j^ MX JauJI t> J e^ 1 ^ 

_<jc. I— l^jj £)\ ^jjj ^ill uili ^ jj aAsu JJ^ajJ [~(|] J^aJ^ .Cj!^^ uili <jc L_ laoll Aajj* (^illDNS ^jujI 

#dnstracer©-q©ptr©141.230.204.212.in-addr.arpa (Search for the PTR record (hostname) of 212.204.230.141) 

.IPv4 £ j^l o- 3 ^ ( ' a .:-^^ PTR J ^ 

#dnstracer©-q©ptr©-S©.©-0©2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.4.0.2.0.0.0.0.^ (for IPv6 addresses) 

.IPv6 £ j^t uu^W ( ' a .:-^^ PTR cJ^Jl ( — J ^ 

Serversniff ■ 
http ://www.serversniff.net 

IP ^jjjUsJU Ail*lalt CjU jkJ! <J£ IP tools 
.DNS ^Wi^ Name Server 
aKj^l cf- o- 3 ^ Webserver 



^ Domain - reports and all about i... | ^ j 
[ A- w. •. serversniff.net/mdex.php 



C 1 ■« 



I! Most Visited^ |||Offensive Security \ Kali Linux \ Kali Docs ||Exploit-DB K Aircrack-ng 



i m 




serwsniffmet 



ServerSnifl net Your free "Swiss Army Knife" for networking, serverchecks and routing with many many little toys and tools for administrators, webmasters, developers, powerusers und security- aware users. 
Tools for webmasters and developers: 

Benchmarks and informations about servers, routing, IP Stacks, encryption, secunty, nameservers and domains 
Tools toi powerusers: 

For powerusers ServerSnifl net offers computing Hashes tor strings and files and simply a lot of information about servers, ssi-encryption. domains etc pp 

ServerSnift net gathers only public information about servers and networks from pubiicfy available sources or from asking the servers directly 
With using ServerSnift net you agree on your terms of use and acceptable use policy! 

Mew: Check for compromised passwords of Linkedtn and L Harmony 



Added rccmtly: dominotguar 



iv net • aitboutnepagcs 



NETWORK FOOTPRINTING-8 

.(network-related information) a^JU AiklJI CjUjkJI a1a^j\\ jiixj 4 (network Footprinting)^^' 
'(Traceroute) ^f^Ji Jj^aj c ^£3 jLmJI j t Jj xj^ I ^Uaj j t (network range) ^f^i (jUaj ^j^j ^JaLJI 11a 



(LOCATE NETWORK Range) jUai Ajjau 

4 <Jai<ill J j^. ^L»lgJlj 4_lojLojVI djUi jIslxJI ^A^. ^ll^j l_s jjuj tdili Network Footprinting^f^^ ^^alu^VI ^jUr> -uiii3 

a^JI ^13 JiWI 
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.t V^ll ^Uaill (Network Range) ^yMI jj-**-^ ls fO^& ^ ^^Icl SjjSixJI diL* jl*-<JI 

Liajl ^^13 clA^ .(Regional registry database regarding IP allocation and the nature of the allocation) 

(^x^f l$\ L_fl^Jl ^Uaillj <J (j^aL^J! ^Uaill ^JJJ (JjJ^Iall £JJJ Uiajl ^1 g all .U^J^ [subnet mask] ^JC^all ^JjuJI 

(traceroute tools) 4_n*_^ J&\ jiita) ^Ua .t-i^l a<^1\ Jj^aj l$j ^1 router *i ^>*-* 

.^j^l^l] ^joulb DjjLa jj^j jl ^j^uJI <> 4^UJI ip <jjjU^ ^ Jjj^JI .VisualRoutej NeoTrace yr*j 

Cij j^V! IP jl> t> *£>15JI J3S1I Jaiau The Internet Assigned Numbers Authority [IANA] 
192.168.0.0-j 172.16.0.0-172.31.255.255 (172.16/12 prefix) 40.0.0.0-10.255.255.255(10/8 prefix) UJI 

.192.168.255.255 (192.168/16 prefix) 

JSjA .IpaJ Liajl ^Loij ;4_JUJI CA^u^W ^ 1 yz> jA\ CjVVI j Mill til^S <j' <^ *J ^ulli Jjlkj 

.lJ^JI a£jj^3I ^^kiauJI Jjii^l ^Uajj t J jj^a jll ^ ^aal l jl^ i (network topology)^^ 

(WHOIS jJ c5^l) f^UJU (J-aUJl IP jl JU^L ^ j£j 4L^^J| 4£jJ^b <j-aUJl 4£jj^3! Jjlkj J jj^a^Jl 

(https://www.arin.net/lmowledge/rirs.html) J] ^A*^ j' ARIN whois database search tool ci^^ 
^jj ^3 lil .cJ^JI a£jj^3U ^UJI a£jj^3I Jtkj Jj^aaJ ^ .SEARCH Whois <y>* ^J^JI ^UJ3 ip Jl JU^jj 

j 4<iLkl^ll ip (JjjUc; J jj^aJI £-f£Jl 1^ J!^U. ^ j <(trace a route) ^ c&j^ ^f" clA^ uW^^^ 



Network: Whois Record 






fui.ut with "il 207 . 4 6.232 .1B2", . . 




Ne tRanga : 


2 07. 46. O. a - 207.46.255.255 




CIDR ; 


20 7 .46 .O. 0/16 




OjtigiiifiAjS : 








MICROSOFT - GLOBAL-NET 




He tHandle : 


NET-2D7-46-0-D- 1 




airoii t : 


MET -2 0 7-0-0-0-0 




IfetType : 


Direct Assignsnent 




NaLnne S & rver : 


HS2 . MSFT . NET 




WflJiifi S & rvor : 


NS 4 . US FT - HET 




NaMft s srvar : 


M51 . MS FT . NET 




Name S & rve e 1 - 


NS 5 r MS FT . NET 




Name S & e- ve f ; 


HS3 r MS FT . NET 




RegDate : 


1937-03.-31 




' Jp- cL-a. tad : 


2004-12^09 




Ref : 


lit tp : / /wiioi 3 . ai in . net / E-e s t/ net /NET — 




207-46-0-0-1 








MjlcroH-af! t Corp 






MS FT 




Addr«s s : 


One Microsoft Way 




Cityi 


Et«dmond 




StateProv : 


wa 




P-o-s tolCodt : 






C OTiir t- ry : 


us 




KegDate - 


1996-07-10 




Updated.: 


2O09-11-1D 






liiz tp : / / w1icp± 3 . ar in . n-e t / etc a t/ o eg /MS FT 




O-irgAt^i s eHapdl b : 


ABU3E2 31 -JkEUIN 




OrgAt useNane : 






OtgAbu s ePhone : 


+l-425-8B2-a08O 




OEgAbuseEmail : 


aJbu s e li lio tjna.lL 1 . c cud 




OcgAbu s eRaf : 






http : / /whois . kr. 


i_o . n«t/rast/poc / ABUSE2 3 1 - AHIH 





:Dmitry SbVl ■ 

<jjjUc ^subdomain) cjliUaill cjL* jlx-<J! d^a ^ / a^u^i ^ cA* jlx^JI ^ ^a^. ^^ic oj^ll I^j^I ol^l 

.(illi <> ^whois lookups 'tcp port scan cjUjIxJI 
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Application — > Kali Linux— ► Information gathering— > Live Host Identification— > dmitry 



root 


dmitry 








Deepmagi 


c Information Gathering Tool 








"There b 


e some deep magic going on" 








Usage : d 


mitry [ -winsepfb] [ -t Q-9] [-0 %host.txt] host 








-o 


Save output to %host . txt or to file specified by -0 file 








-i 


Perform a whois lookup on the IP address of a host 








-w 


Perform a whois lookup on the domain name of a host 








-n 


Retrieve Netcraft.com information on a host 








-s 


Perform a search for possible subdomains 








-e 


Perform a search for possible email addresses 








-P 


Perform a TCP port scan on a host 






* _ f 


Perform a TCP port scan on a host showing output report inc 


} filtered 


ports 




* -b 


Read in the banner received from the scanned port 








* -t Q-9 


Set the TTL in seconds when scanning a TCP port ( Default 


2 ) 






:+: Requires the -p flagged to be passed 



















$dmitry©-wnspb©targethost.com©-o©/root/Desktop/dmitry-result 



subdomain CP [s] j NetCraft &* &Ujk* £**J [n] whois lookup |-w| j^ll Ua 



dmitry -wnspb google.com -0 /teba.txt 
Deepmagic Information Gathering Tool 
"There be some deep magic going on" 




Writing output to Vteba.txt.txt 1 




HostIP:173. 194. 112.71 
HostName :google .com 




Gathered Inic -whois information for google.com 




Domain Name: G00GLE.COM 

Registrar: MARKMONITOR INC. 

Whois Server: whois.markmonitor.com 

Referral URL: http://www.markmonitor.cc3m 

Name Server: NS1.G00GLE.COM 




netmask SlAl ■ 


: — # netmask google.com 
173 ~194 . 113 .65/32 

"oot@j ana : — # | 



scapy SlAl ■ 



i^Vl^ j^l Interactive shell ^ lU^ JU*jj3I scapy j*VI sbVl Iajj sbVl ^l^kiujU 



:-# scapy 










INFO: Can't import python 


gnupl 


ot wrapper . Won 


t be 


able to plot . 


WARNING: No route found fo 


r IPv 


6 destination : : 


( no 


default route?) 


Welcome to Scapy (2.2.0) 










»> 1 











icPVIS scapy <>i*£U Interactive shell ^ jkJI f u^* u^j^ aS^II Jlkj 



ans 5 unans=sr(IP(dst= Tf www.targethost.com/30 ?f 5 ttl=(l 5 6))/TCP()) 
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la:-* scapy 

INFO: Can't import python gnuplot wrapper . Won't be able to plot. 
WARNING: No route found for IPv6 destination :: (no default route?) 
Welcome to Scapy [2.2.0) 

>» ans,unans=sr( IP (dst = "ww. google, com/30" , ttl = (l,6) )/TCP() ) 
Begin emission : 

. ********Finished to send 24 packets. 



ans.make_table( lambda (s,r): (s.dst, s.ttl, r.src) ) 



■ ans . make 


table ( lambda 


ts 


, rj : (s 


dst 


r S 


. t tl , r . s re " 


) 


173 . 194 .39 . 


"20 173.194.39 


.21 


173 . 19-: 


\ .39 


.22 


173 . 194 .39 


.23 


1 192.168.16. 


1 192.16S.16 


. 1 


192 . 16E 


3 . 16 


. 1 


192 . 168 . 16 


. 1 


2 41 .221 . 137 . 


3 41.221.137 


.3 


41 .221 


137 


.3 


41 .221 . 137 


.3 



: jm u£i scapy sbVl TCP traceroute J 



res 5 unans=traceroute([ Tf www.google.com tf 5 ?f www.Kali- 



linux.org t ^ t Vww.targethost.com tf ] 5 dport=[80 5 443] 5 maxttl=20 5 retry=-2) 



>» 

) 


res 


, una 


ns=t race ro 


ut e f [ "wwv 


j . go 


ogle . cc 


m " , " 


www . Kali -lini 


jx.org " 


"ww 


w . f ac ebc 


)ok . c t 


urn " ] 


dpo rt 


= [8 


0, 


443] , 


maxt tl 


=2C 


, ret ry=-2 


Beg 


in e 


miss 
**Fi 


ion : 

nished to 


send 120 


pac 


ket s . 
































**** 




+: Begin emi 


ssion : 


































Fin 


ishe 


d to 


send 99 p 


ackets . 


































.Be 


gin 


emis 


sion : 




































.Fi 


nish 


ed t 


o send 99 


packets . 


































Rec 


eive 


d 23 


packets , 


got 21 ar 


is we 


rs , rem 


aini 


ng 99 packets 






























0.0: 


tcp443 


0.0.0.0 


tcp 


SO 


173 


. 194 . 113 . 144 


tcp443 


173 


. 194 . ii; 


1 . 144 


tcpE 


30 31 . 


13 . 


86 


. 49 : t 


cp443 


31 . 


13 . 86 . 49 : 


tcp 


SO 








































1 


192 . 


16S . 


16.1 11 


192 . 16S 


16 . 


1 11 


192 


. 16S .16.1 


11 


192 


. 16S . 16 


1 


11 


192 


. 168 . 


16 . 1 


11 


192 


. 168 .16.1 




11 








































2 


- 






- 






41 . 


221 . 137 .3 


11 


41 . 


221 . 137 


3 


11 


41 . 


221 


. 137 .3 


11 


41 . 


221 . 137 .3 




11 








































16 


- 






- 






- 














31 . 


13 . 


86 


. 49 


SA 


- 




17 


_ 






_ 






_ 






_ 








31 . 


13 . 


86 


. 49 


SA 


31 . 


13 . 86 . 49 




SA 








































IS 


- 






- 






- 






- 








31 . 


13 . 


86 


. 49 


SA 


31 . 


13 . 86 . 49 




SA 








































19 


- 






- 






- 






- 








31 . 


13 . 


86 


.49 


SA 


31 . 


13 .86 .49 




SA 








































20 


- 






- 






173 


. 194 . 113 . 144 


SA 


173 


. 194 . Ill 


I . 144 


SA 


31 . 


13 . 


86 


. 49 


SA 


31 . 


13 . 86 . 49 




SA 








































>» 


I 









































res.graph() 




Commands 

File 
Edit 
View 

Transform 
Enhance 
Effects 
F/X 

Image Edit 
Miscellany 
Help 



AiunW p\A\"u nb ^^ajIa laIa ^ guUJI iai^ 

res.graph(target= tf > /tmp/graph.svg") 

.exit() ^-all ^Vmn ^jjlU 
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(DETERMING THE OPERATING SYSTEM) Jji-SSM ^ ^ 

NetCraft -1 
http://news.netcraft.com 

\,^\\ a^w'^W C5 ic <Ja*]1 ^ OS J^^-^l dial j£nj staVI cil^cLoaj l_s jjuj j . OS Footprinting <— i^JI 

^Uaj tiUi LaJ tdljjljVl A^Jjui ^^ic ^1 ja. <J j^. (JllLa jlst-<Jl <jC JjuiLlg J^*JI JJ^*^ l^i>laajaal (j^-aJ dial j^llj .^Lkll (JjxjujJ ^aUaj 

jiaJI i^i^Luj ^( a£j^JU ^-aUJI o^j^^ ^ ^ ^ o 21 ^ e*"^* http://news.netcraft.com 
^SIjaII 2^ o^^s ^4* .(cJHaII ^ microsoft.com oK>all ^ ^) What's that site running? 



n Internet Research, Anti-Phishing and PCI... I + I 
^ news.netcraft.com 



' Googfe 



P D- *■ H " ■ 



flETCR^FT 



SINGLEHGP 


Bare Metal & Cloud 


BACKED BY THE 


See why it's better -» 




HOSTING 


INDUSTRY'S BEST SLA 



Search 



What's that site running? 



fj Subscribe to our RSS feed 
□ Get News updates by email 



Microsoft neck and neck with Amazon in Windows hosting 

Microsoft has edged ahead of Amazon to become the largest hosting company as measured by the number of web-facing 
Windows computers. The pair have been neck and neck for almost nine months: Microsoft now has 23,400 web-facing Windows 

rnmni ifarc anainch Ama-ynn'c ftnn Rarrinn rnmnanioc m/it-h larnQ rnnnor+iuit-w Jcnartc hhoir - naccac _ n H t in rhina 




I [n Netcraft - Search Web by Domain 



^ <rS searchdns.netcraft.com./?host=microsoft.com&x=9&y=11 



P c- * # * - 



Netcraft Services 

> Netcraft News 

Phishing & Security 

i Anti-Phishing Toolbar 
♦) Phishing Site Feed 

♦ Hosting Phishing Alerts 
j Fraud Detection 

Phishing Site 

Countermeasures 
+ Audited by Netcraft 
i Open Redirect Detection 

Web Application Security 

Testing 

Web Application Security 
Course 

Internet Data Mining 

l) Million Busiest Websites 
Hosting Provider Switching 
Analysis 

i Hosting Provider Server Count 

♦ Hosting Reseller Survey 

♦ SSL Survey 

Internet Exploration 

i Whats that site running? 

♦ SearchDNS 

♦ Sites on the Move 

Performance 

Hosting Prospects 
Performance Alerts 



Search Web by Domain 



Explore 1,506,644 web sites visited by users of the Netcraft Toolbar 

Search: 



3rd March 2014 



site con tains v microsoftcom 



search tips 

lookup! 



example: site contains . netcraft. cc 



Results for microsoft.com 

Found 214 sites 









Site 


Site Report 


First seen 


Netblock 


OS 


1. 


VA«w.microsoft.com 


B 


august 1995 




windows server 


2012 


2. 


technet.microsoft.com 


fi 


august 1999 


microsoft corporation 




2012 


a 


go.microsoft.com 


i 


november 2001 


ms hotmail 


windows server 


2008 




support.microsoft.com 


ffl 


October 1997 


microsoft corporation 


unknown 




5. 




m 


june 1998 


microsoft corporation 






6. 


msdn.microsoft.com 


a 


September 1998 


microsoft corporation 


windows server 


2012 


7. 


social.technet.microsoft.com 


fl 


august 2008 


microsoft corporation 


citrix netscaler 




S 


office.microsoft.com 


ffl 


november 1998 


microsoft corporation 


unknown 




9. 




ffl 


august 2009 


microsoft limited 


windows server 


2008 


10 


social.msdn.microsoft.com 


A 


august 2008 


microsoft corporation 


citrix netscaler 




i : 


download, microsoft, com 


ffl 


august 1999 


akamai technologies 


linux 




12. 


search.microsoft.com 


ffl 


January 1997 


akamai technologies 






13. 


ol5.officeredir.microsoft.com 


ffl 


may 2012 


microsoft corporation 


windows server 


2008 






CI 











SINGLEHGP 

HOSTING 
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SHOD AN Search Engine -2 

http://www.shodanhq.com : j^-a^ll 

. jSUIl t> <*_Jj A^^^ ^l^kl^U (routers, server, etc) * j&A ^4 SHODAN Search Engine fl^i^ 



J SHODAN - Computer Search Engin 



<- - S 


shodanhq.com 








9- Goog/e 


P * # * 




Shodan 


Exploits Scanhub 


Maps Blog Annive 


rsary Promotion 






Register | Login ? 


A 






SHODAN 






| Search 







Expose Online Devices. 

Webcams. Routers. 

Power Plants. iPhones. Wind Turbines. 
Refrigerators. VoIP Phones. <, " 




Popular Search Queries: Snom VOIP phones with no authentication - A list of Snom phone management interface without authentication 



Developer API 

Pind out how to access the Shodan 
database with Python, Perl or Ruby. 



Learn More 

Get more out of your searches 
and find the information you need. 



Follow Me 

Contact me and stay up to date 
with the latest features of Shodan. 



In the Press 



Shodan pinpoints shoddy industrial 
controls. 



It greatly lowers the technical bar 
needed to canvas the Internet... 



'Shodan for Penetration Testers' 
presented at DEF CON 18 



threat [post] 



It's a reminder to many to know what's 
on your network... 

dark reading 



Shodan is the Google for hackers. 



Shodan vereinfacht die Suche nach Firmen offnen Stuxnet und Co. selbst Computerangriffe werden einfacher. 
SCADA-Systeme erheblich~. die Tur. Zumindest fur die Nutzer von Shodan. 




Shodan Ex 

SHODAN 



Results 1 - 10 of about 205 for microsoft.com 



» Did you mean: hostname:microsoft.com 
87.106.67.67 

1&1 Internet AG 220 microsoft.com Microsoft ESMTP MAIL Service, Version: 6 0.3790 4675 ready at Sun, 2 Mar 2014 19:53:25 +0100 

Added on 02.03 2014 



s1 5243860 onlinehomf 

Object moved 

65.52.108.44 
Microsoft bingbot 

* : Redmond 

msnbot-65-52-1 08-14.S 



Object moved 

131.253.37.47 
Microsoft Corporation 



Hurricane 



HTTP .1.0 302 Object moved 
Cache-Control: private 
Content-Length: 1~9 



Location: http: msdn2.micro3oft.com en-us virtualearth default.aspx 
Server: Microsoft-IIS S O 

Set-Cookie: .ASPSESSIO>n33SSTABTCA=BKDHOPHDJKHJODKFIIK£F\IJGN; path=. 

X-Powered-By: ASPNET 

Date: Sun, 02 Mar 2014 17:49:37 GMT 



HTTP '1.0 302 Object moved 
Cache-Control: private 
Content-Length: 179 
Content- Type text html 
Location: http: msdn2 micro3oft.com. ei 
Saver: Microsoft-IIS 8 0 

Set-Cookie: ASPSESSIO:OTDSCSSADB<>E.AI3DGJLC24NE^ path= 

X-Potvered-By: ASPNET 

Date: Wed, 26 Feb 2014 02:35:40 GMT 



n-us. virtualearth default aspx 



Is your 
website 
vulnerable 
to hacker 

attacks? 



^ Hacker-Target. 

BUtTOH 

OPEN 

SOURCE 

NOBS 
SCAN YOUR STUFF NOW 



Celebrating 3 
years of 
Shodan 



TRACEROUTE 

[man-in-the middle] i> ^W^l ±± lSjjj^ (target host) ^^(route) J-^ jj^ 

.a£jJo3I jic c \\\\ 
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< qj > ^ l J-^ J^ jj^ IP ^ J ^j^t (Time to Live) TTL j Jj^Asj^ ICMP^j^ ^^Luj Traceroute 

^^C till (jla^su (jl <jl L— Ll^ .{jj^^ * (JJ^ ^ (j£ IP ^^>^ J^ 1 ^ <J cJ J " ^ ^ lP 3 ^^ ^ <j ^ *J ftl^VI £>i& j # A£jjoJI J L_fl^Jl 

^jjj UUIj Ll&i <L<»^JI l&iktj jll 4_ii<»^3! dAxJI t^ixiUaill ^jjj a£jjoJI J jl <J^-^ ^ J^ routers ( ** ^ ? J-*^ 
JL^jVI 4£jjujj dal^ ^<JI ^UjjojI Uiajl (jia^>su <DNS ^— iVl^l j^ill ^jj '[routers]^^ j-i^ ^3^' 

Jl s jLS^U TTL d**JI (4j .(TTL) Time to Live cs-*^ ^ j^V^ <Jj^j^jj^ J 'O^ J^*^jI ci^A 3 j&j 
A^ysA\ jIUj c^illrouter jW ujV* i> j* 2 ^[packet] J^ <> ^^-^Vl 

yl\ J£^l (j* ^Asu j-qj c_fl jjoj j^Jl (jl j^J (^-^ jl J^-l Jl L>^ ICMP L>^ J TTL (J-^^Jl AaJl J1_^q <J-*ataj] 

j ^j^jJI TTL d**^ c> ^ j o-^k c> [router] jW ^ i> 

AxJI Uijc . jIj ICMP Jj^jjj 
(Jjl ,<!ljajjl ^jjj ^l j ^ ^ TTL ci^-^j IQMP ^ Cy* cJ^j^ c^L^ 3 
Jl <!Loj j JLuj jlj <^ j^JI JaUJ ^jj tilli ^jc- j jix^a jll ^j^a TTL c> j ^ j f^^H [First router] j^JI 
cJ^j^ ^ '(router) o^a^JI DNS IP u^j^ c< cJj? 1 ^ .4^3^^ ci^W^ ^ ^ L-LLjaxJI jl^JI 

^ill j ^ ^<JI Jl ^MJj <-! jVI iS^L (j* ^ > ^ij j^JI ^jli tillil 2 c5 TTL J-^ 2 l^i^l j 

XP (jjjlic cJj-> > uj j li^ (JjlS J j.<u.>.>ijj ,^^JI J&L^j 4J| ^^J3 ^.uiIaII c 'qu^ll jl^-aJ) Jl <JLojj cJLujjI j 4_*^J! JaL^L ^>^-Vl 

^ J .[unreachable] ^ J r^""^ c> JU^^ jj^ JU^^ DNS j 

Jl Jj^aj Uiiic. tljjikl .[router]'^^ jW^- <-S^ J] Mjj W^*^ j^jaJi J ^O^- cJ^ Aja^ilajl ^ill dia jll >>n Ajli 
<j^aUJI IP ojjUc^ ^ J ^Loij sbVl t JU3U . JjojjJI Jl ^^Ul ICMP ping J^jj ^ ^ ^ j^q^l 

/ fl>^JI cAjjJaxJl Jl Jj^aJ (^£3 <xi j^Jl <J^kj| jll jLaixJl J 6^ j^. ^<Jl hOpS 



IP Source 



Router 1 lop 



ICMP Echo request 



^ _ _ 1 CM P error me! sa^e 

m ::::::: 

I CM P *rror m*a ta^# 

ICMP Etlio request 



* a * m 



Router I lop 



ViTV 



Router I lop 



Destination Host 

■> _ . 



m=2 



*1 



JQPQ 




FIGURE 236; Working of Traceroute program 



?tracert j^VI ^l^ldal 

; JVIS c_fl^SI ^ j^l ^1 jl L_a^SI IP jl jixj lc tracert >«VI j Jj^jj J^^l ^Uij J command prompt J^ ^Uill 



C : \>tjr^o^art 216 .239. 36 . lO 

Tracing route to ns3, google. com [216.239,36.103 over a maximum of SO hops: 

1 1262 ms 18 6 ms 124 ms 195 . 229 .252 . lO 

2 27 96 ms 3061 ms 3436 ms 19 5.229.252.130 

3 155 ms 217 ms 155 ms 19 5.229.252.114 
14 O 5 ms 1530 ms 194.170 .2 .57 

128 0 ms 655 ms dxb-emix-ra . ge6303 , emix . ae [195 . 229 , 31 . 99] 

530 ms 99 9 ms dxb-emix-rb . solOO . emix , ae [195.229.0.230] 

1124 ms 1748 ms iarl-so-3-2-0 . Thamesside . cw , net [166.63.214.65] 



4 2171 ms 

5 2 6 8 5 ms 

6 2 02 ms 

7 6 0 9 ms 
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8 1622 ms 


2377 ms 


2061 ms 


eqixva-google-gige . google , 


com [2 06 . 223 . 115 . 21] 


9 24 98 ms 


9 68 ms 


593 ms 


216 . 239 . 48 . 193 




10 3546 ms 


3 63 6 ms 


3030 ms 


216.239 .48.89 




ii i en 6 ms 


152 9 ms 


HI ? ms 


216 . 33 . QR . 1 54 




12 1108 ms 


168 3 ms 


2 0 62 ms 


ns3.google.com [216 . 239 . 


36 . 10] 


Trace complete . 









[traceroute analysis] tracert juU 

^1 La j 6<jIa^JI ^jlj^a. ^router^-^ * 3 U u « j\\ ip ^jjjUc kkjsu* ^ Traceroute sbVI ^^cLoij t ^ 

JJ^j J^k JL^sjVI a£jJo3 [topology diagram] ^Kj^v^I ^ j j^>^^1 j 

4£jj^3! HOP (j\ j*-* I j^a uj^ ^ ^ traceroute J^-^ .Traceroute sl^VI g&ti 

J ja^JI ^1 4_JU3I Traceroute gft" ^ .Ai^l^JI 





traceroute 


1. 


10 


.10 


20 , 


second to last hop is 1.10.10.1 


© 


traceroute 


1. 


10 


.20 


10, 


third to last hop is 1 . 10, 10, 1 




traceroute 


1. 


10 


.20 


10, 


second to last hop is 1,10.10.50 




traceroute 


1. 


10 


.20 


15, 


third to last hop is 1.10,10,1 




traceroute 


1. 


10 


.20 


15, 


second to last hop is 1,10,10.50 



© 

Hacker Internet 



FIGURE 2 37: Diagrammatical representation of the target network 

.traceroute J Annl l ^Uaj Uiaj) jSji* j^VI li* 



1.10. lO. I 
Routs r 




Hi 



1-10,10.10 
Web Server 



DMZZONE 



1.10.20.15 
Mdil Stir u«r 



1,10,2030 
Fir. 



TRACEROUTE TOOLS 

cj^SI jL^ ^jjjII t*Uij Traceroute ^ ^j^Aj o£ w ^ VisuaRoute 2010 jPath Analyzer Pro 

Path Analyzer Pro -1 
http://www.pathanalyzer.com 

jA^aJI ^ jaJI D^kli ^ill jLaJI jc^ Jaxj ^1 jtraceroute c> j ^bl ^ Path Analyzer Pro 

hop l£j 5^»UJ1 CjUjkJI qa Ujjtj std. dev. <avg. latency 'latency <%LOSS <ASN " <j > ^ t 

,4£jjaJl j*. (_^^>^.VI ^UjujVI (jlasuj 

Ciifull ^aLkJI wizard ^ ls^^A 3 a (* ~ 1 
;<JU3l 3_JjUi31 jj^-la ^1 A^t-^JI a ^ tniti ^1,^ IujV Evaluate j^^^ Jj> > ulll cilia ^jjj <JLojj laila -3 
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Path Analyzer Pro 



File View Help 



- □ x 



© a s> & m 



New Close Preferences Page Setup Print Export Export KML Check For Updates Help 



Standard Options 



Protocol 
0 ICMP 

TCP NAT-friendly 
O UDP 



Source Port 

J Random | 65535 

Tracing Mode 

Default 

Adaptive 

FIN Packets Only 



Q Advanced Probe Details 



Length of packet 



0 Smart 64 



Lifetime 



Target: 



~~| Port: 0 Smart 1 65535 Trace ] | One-time Trace v| 



800 



Type-of-Service 

0 Unspecified 
0 Minimize-Delay 
Maximum TTL 



C | milliseconds 



30 



Report 5 Synopsis |_j Charts C Geo v Log EH Stats 



Hop 



IP Address 



Hostname 



ASN 



Network Name % Loss 



< 



>| 



Target Port: ^ No data 



^ib cilj^j smart Advanced Probe Details * c^j ICMP Standard Options ^ -4 

,<ik^ 4J-*aJl jliA Jjxij f liJ) lj^j J-uaSj ^ Jj.»^tt .5 

i^Vl^ uj^j www.google.com ^ lA^j target ^ <jUJI lJ^JI <j^»j^I ^ -6 



^ Path Analyzer Pro 



File View Help 



New Close Preferences Paqe Setup Print Export Export KML Check for Updates Help 



Standard Options 



Protocol 

0 ICMP 

TCP NAT-friendly 
O UDP 



Target: www.google.com v Port: 0 Smart 



65535 



Trace 



One-time Trace v 



Report ft Synopsis E5 Charts || Q Geo || B Log || 51 Stats 



J ls^- > ^ i ^ One-time Trace i> ^ Timed Trace 4^1511 <> Trace j jU iLlS*JI ^ -7 



HH:MM:SS Jitfl <oi3-j 



^IS^ 3 4_iLac ^j^xlauJI diS jll ^jJaj <_£^>^.i <JujUjj ^Jaja Trace 

I^VIS gjlmll jLoiJI <iLc; ^ *1$3jVI Asu Accept jjM k» ^ 



O ».pro»tr a trwpg | B Clwta [ <J Gee. ] ^ Lap | g] Sarta 



\- T I 1—4= 



I •.- 1 - l>l IP 



I . 



m 



■J. J 



mi ii I! mi 
i n n i iii i 



- 1 44 
l 14.5 



15169 



_ _ j_ L 



SUM 



II II Mill 2^01 

1111111111 

lllllllllll ETO.1] 

niomiiiu ?^s: 

ii iiuiiiiii 3iB« 



567 2^ 
h. . at 



176.™ 
1*1.71 
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.L_fl^J) J) j^axJl (j* 4-a jaJl jLaixJ ^gJaaJI f^J^ ^ Report -^uJall J^-oJ -8 

.[traceroute] o-* 1 ^ ^ j^M Synopsis ^ k» > ^ t jSaj -9 

.1^ ^1 ^iai aJL*1 ^UJI ^jll tSll j^SiJ t*Bi j Charts ^ AmLjJI -10 

i^Jl ^1 jAj^axl) ^ <Lg j^Jl c _^j3I jLuaaI! £jJa jJ <Alkj 4JllaJ^k till jg hjl cilli j GeO ^* > ^ "1 1 

.Export jj k^jal l JjjL jo ^ jU UiL ^ ajLJI ^ 



Target: | www.gQQgle.corn 



^ Port: 0 Smart | SO Trace ~] | Timed Trace" 



~3 



Report -5 Synopsis II B Charts II ^ Geo II @ Log II Hi Stats 




VisualRoute 2010 -2 
http ://www.visualroute.com : j^-a^ll 
j^<JI \. v w ^ Uiajl tilj£ <lS I&jIj .hop-by-hop -1 o^j*^ l£j^ Sl^l <^&j j^jll ^-^ jll c^-l^ J^ 

J*Li : JISjuJI ^j^S ^ ^-fiill cjU jl*-* j^a jj 6 jii L^jI bC 5 j^VI IP Sjg^'j server ^ j^JI j routers ^ j*^ 

■ [geographical view of the routing] ^ J*^ lP 3 J*^ j 6 [in a data table] J ^ 6 [an overall analysis]^ j 
.^jjjiall ^£ <1^.j-q J£ J j '<js*\ j*-*^ j^ll j node ^ 'IP j^* 'hop ^j j^-* lSj^. ^—^^ J j^- 

[Hop-by-hop traceroutes, Reverse tracing, Historical analysis, Reverse DNS, Ping plotting, Port 
probing, Firefox and IE plugin] 




i - li- 
ft rr 



'C^en id- hrrp. r«^ue%(» en» pan BO 
F>»n Piebt Ruonnif itn*r »cicidl4lSff 5 

R«p«d>d In 9&43PTts 
Pachtl In A* 



no* wllw 123m Mwmw an h4«i ar**r no* «0 in 




ijW* VisualRoutej Path Analyzer Pro c> J- cr^' ^J^^' ^tj^V) c>a*j ^->jj 

Network Pinger available at http://www.networkpinger.com 
GEO Spider available at http ://www.oreware.com 
vTrace available at http://vtrace.pl 
Trout available at http ://www.mcafee.com 
Roadkil's Trace Route available at http ://www.roadkil.net 
Magic NetTrace available at http ://www.tialsoft.com 
3D Traceroute available at http ://www.d3 tr.de 
Analogx HyperTrace available at http ://www.an alogx.com 
Network Systems Traceroute available at http ://www.net.princeton.edu 
Ping Plotter available at http ://www.pingplotter.com 
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(FOOTPRINTING THROUGH SOCIAL ENGINEERING) 4**»S#il £*± <> £3Usfi«*! 

^£jj]a ^jC c^M Ul. Aft 4_il^c. (jjjsljj L_fl jjuj jVl .^jliVI CjI jji jl jjt s^Loiaj Uj CjU jlxJ! 2^ CjUii Ui5U J^ 

Jc- J^VU ^tg-^l f <j^'j ^^(non-technical) ^ jjc. 4_iLc ^ : social engineering ^pUI^VI jUajgjt 

tiljAxi JJC. L_flJ^_!l (j^a^joill (jj^J <LjIa]| £>i& (JlLa L_fl^Jl 4_xJaixJl/4£jjudll <J j^. 4_}jjuJl dlLa jLlxJI Jc 4_La <J jj^^JIj L_fl^Jl J ^ *M 

diLa jlx-d Jc- <J jj^^J! <J^I (j-a L_fl^Jl ^ A^xl c : i» b g <^l (jj jll J AjjjuJI CjLg jIslaII 4-3jjujj ^jL La \ > n->> >*>i ^jl 4gj'q^ 

< 4jjjuj CjLq jlx-x) ^IxjJaj (JjjUII SJIC-Loia 4 tmj?-i j-a llflJ i u-j a^I g all _Aj Jjuj 

4joj1^J| (j-G c ^jujLujVI t * a ^^ .4_JJjoJ! dlLa jIslxJI (jC t a.^<U <C.|^k ^ jj^a>J| ^^klaixJl AiS L_bud£ Vjl ciLIc tAjclxU^Vl ^LolAi^-II S-bV 

4_J ^- J- ^ * JJC. J jj^ jll JLd 4_L^j£3l 4_lLaC J CjU» jIslxJI £>i& ^I^JjujI ^aJ AjjUaxJl 4_}JjuJ| CjU» jIslxJI Jc <J jj^^J! j& 4_icUu^.Vl 

cjUL^ e_A^J Jc Jikill ^U^ll (jiu^l cAjj^SI Aij^ 6 [gaining unauthorized access to the system]^^^ 

. JLi^l CjUL^ J p UaJ| j^V 

[eavesdropping] 

Shoulder surfing 
(dumpster diving)^^JI S ^hi^ l J di^JI 
impersonation on social networking sites aj^I^VI CjI^JI J^ JUIjVI 

jc. CjU jkJI ^ ^imo aj^Ij cjli&i ^ dumpster driving ^shoulder surfing 'eavesdropping in** j^i ^ 

(.l^lilt) EAVESDROPPING 

,f>g vfil j^ 1 ^^! djlj^L^xi jl c fljl^JI J^lk (j-<i 5-1 jjoj (jjjUll cIjIj^L^aII Jj Ijjoj ^LdiaaVI J*i ^[eavesdropping] £**^21t 
(jialjjcl Jjta (JjjLojVI J i JU3U _(jj^li3l JjLojj jl Ajjjill JjLoj^)3I JiLd ^JU^jVI ^\ > u j (j-« AjjjuJI JjLuj^)3I S^lja Uiajl J-'^ 

Aj^L^-g Jc db^Iill (j-Q S^llLujVI cJ^-^- (j-° ^J^l CjLq jIslxJI 11a (j-Q ^.1^>JI L—Loil^Q a jU-ajVI J^A 3 ^-^1 J-° (jj^ CjVIj^jVI 

_ c _ 5 _jlll£Jl (JU^jVI jl 6 jj^iill j Cj jj^II ClAiLa (jialjlicl j tA-ifljlA 

SHOULDER SURFING 

qAa I^JLuiaSI ^LgjojI J^-^j ^jjILJI CjUjjJa JiLd jj jJAx^ll Jc Aji^jJall ^Jajodl 4_i^jJa3l ^Ijj (^-fl^J ^1 g all <jl£ tAjjjlll oi^ 

. I Jjuj lAjJC. j JjoJI Cjl j 

.<JjL<ui djUUjj 6(jLdjjVI ASUaJ diUi jlx-d tCjUl uiaJl ^ISjl jj-^J^I 'PINS ' diUiK Jc J jj^a^Jl 6^lc L_J jLojVI li^ ^Vlmj 

_<jajx^ (jj^ Aj^jJall 5-ljj L_flj3j3l IjUnl cJ^-^l (j^ f-^'O^ J W^^J^ 

DUMPSTER DIVING 

Jj^a^j .t^^JI a£jJo31j ^.j^aLiJI *L<iLdi3l ^ djUi jIslaII Jc J jj^a^JU ^.I^aII ^ajL lLli^ 'trashing ^-^1 < — * j^*-^ ajjSsII 
4_*U£3! (jj^lL^a (j>» t*Ui j jlx^ll ^ U jjA j t^ojLai^JI cjU jl^JI ^ cJlc ^printouts of source code) u? j. ^^^ 1 

^aJ jll dlLa jIslxJI (jxi (illi Jj Laj 6(jj^^jjob<Jl t . d < ^ J <L^V CjLla^.^L<i ;<suUallj <j^aLaJI 4^U^I (JjjlL^aj ;L_fl^Jl A£jjaJU <j^aLaJI 

,<jj^ji3l A\\ac L-jI^jjV (jj^->t $ <c\\\ SwliLo (jj^J (jl (j^J 1 ^-ilc <J jj^aJ! 

https://www.facebook.com/tibea2004 AjjL ^^aa^a 



105 



[FOOTPRINTING THROUGH SOCIAL NETWORKING SITE] ^cUS**! J-at j3H ciS^ 0- ^Ul-ft-10 



^Lu^VI J^a) j£l >a J^U ^ <jpLu^V1 4-uUl$2t ^liHujb f^UaluiVI 
l^jjal j^l aj^Ui^VI ^il^ J£ \ j± tgoogle+ 'Pinterest 'Twitter 'Linkedln 'Myspace 'Facebook 

■ i^gV Q ^ f ^liliC^l! ^a^JjaixJl ^l^kj ^jLoAj ojjj^a C^^ 3 sjj^ ^^^'"^^ dib^&j gajli ^J^la 

# a£jjoJI ^jc <La^tfl3! jlikVl j j-<JI j t^jjilxu^xJI ^.l^jjoJI JiLd djUi jj^ii 

L-jL £yz L_fl^Jl j^aa >'Ml AilAj^ L_llla cJ^j] <j A ^ 6^JH<Jl cJ^f^ .dlLa jlx-<Jl ^j-d c ^^13 ^Li^jJall ^IjC-V 



(INFORMATION AVAILABLE IN THE SOCIAL NETWORKING SITE) c^^V) J^alj^J! jSlj^ A^llilt CjUj^aJ) 

(j^Q 1 (J ^*«v\l g a\\ 

^ * a <juj^j^3U qjajLij ^jla^j^aU (jjiaJJjJ 6^lc (jjjlill _^t]| 4<iajudjVlj 6^jU»L<uAl 46JjujVI ^^^i (JG- <*—lL<» jlx-<» t^la^j^aVl diUi jls«-<» 

j^^ a ^Jl ^aUuiajVI 1* 1 (j -0 ^£^^^11 ^lalLdj jjj^al! 

6(JjjU3I ^ jlill ^^cUu^-Vl cJj^^ I J^^^j ^ A J CjUJaixJl j <Jjou31j ,A-i^jJa3l A lajulj) t &juj£ (jj-A^l^Jl (j^J 



What Organizations Do 


What Attacker Gets 


User surveys 


Business strategies 


Promno-te products 


Product profile 


User support 


Soci^il engineering 


Background check to- hire 
employees 


Ty per of business 


"TABLE 2,1: What organizations 
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[COLLECTION FACEBOOK INFORMATION] <4*«AiM CP 



Facebook is a. Treasuxe-trove for Attackers 



of 



using Fctce&ooii: <rfi over the* wor/cf 



845 TT* 


lOO S^m 


250 


1/5 


million monthly 


billion 


million photos 


1 of every 5 of 


active users 


co nnections 


uploaded daily 


all page views 



20 



minutes time 
spent per visit 



^J^ 1 ^>laajud^ 845 6 000'000 L>* J^' t^JlaJI ^ (^c-Lu^-Vl J$ j ^ jjjojlill 

t^jjJ^lVl 6L_fljl^Jl ^fjj <Jlx» 6 llLall CjU» jIslxJI (j>» t ^ <— fl^Jl (J^akjuoll ^ > kill t flL&ll gaJ # <La 

CjU» jIslxJI laJLujI ^aJ g all (j^J . L>* J-^'J 6 JJ^^^ cCjLgLu&VI cA-ii^ all (Jj> gal tA-LojLull Jjj^lilill 

[COLLECTION TWITTER INFORMATION] j£ja« CP ^Ujk^lt ^ 




Japan 
29.9 million 



Indonesia 
19. S million 




465 

million accounts 

76% 

Twitter users now post 
status updates 



Twitter users access the 
platform via their mobile 



Wayne Rooney 


'■MIXllVnlHHIl 


Mgl 1 Paul UaC^ili zf 






^BL PnHI| • 

ntbilManifHKJliiElHIiflfeanr 

W I.r. ■■.4h», WIVf M*, Wl ^ r hrf» i*!.?)!: 




^ ■ j ^ 11. r. - 




mj Kir 

§. j H 11 I'll- 




MB 

hiUBrt Bmr. hF4 *l^t 
1 Lnphf HKWY 

1 1 . .Liii L^luu 



. [text-based messages]^^* J^^Jt Jl^jV c>-U3l l^^ki^j 4^*J> cjli j^l ^Ui^VI J^»1jj j^jj 
^jj jjj^II 6L_A^JI QjxSh (jjill ^LQAaaju^ll 4 [following] <— fl^g-ll ^ ^ ^5^11 U»l 6L -^J^ ^j^j ^ <^lt l_a^JI ^j^>^ >'MI 
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[COLLECTION LINKEDIN INFORMATION] LINKEDIN £F cA+j*A ^ 
1 




Copyright © by I 



AM Rifitrts Reserved. Reproduction is Strictly Prohibited- 



*1£>V o-Uii <d .professionals t >^^ v ^ ^Ui^VI jjII j^J y> Linkedln < jjjjj j ^ jf^Ull jl jc. 

. [Footprinting] laloaVl 4jUr. diLa jl*-<JI cjA <J£ £-<^ A j£ aj ^Ig-xJI ,c V^ll (j<^ /Ml ^jc jjj^j <iU.i (j-a jj^I j 6<JL^jV1 tjj > ^ ^ j 

[COLLECTION YOUTUBE INFORMATION] <-hjA« ^Ujk^lt ^ 




3rd 


I Most visited website 




according to Alex a 




^j^la A j£ aj ^JlaJl <j!^L^ (j-a 4£jLuua j jJJjiJl I— ll aL> SjALuu* j £3j till ^JJ CljjjjVI 4£jjui ^^ic ^JJj jSj^ jA U jJJ jJI 



(<^Ubtf I jSlj- ^ u^Jii^*il tracking users on social networking sites 
cjL^ll ^ Get Someone's IP or IP-GRABBER JS* ^1 j^i ^ *<-*s«ll jois— 11 <jLLJI ^1 ^^sl ^Uil 
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;<ua URL ^ ^ M2J^ ^j^ala ^iij ^3 

http://www.myiptest.com/staticpages/index.php/how-about-you 

J Redirect URL: http:// 'Link for person <> * J^ 1 J J^^iU - 

.Link for you 



Find / Get someones IP Address 

Can I get someones IF Address ? 

The answer is both yes and maybe, and it may not do you any good. Try this tool to find someones IP Address. 



Link for person : | http ://www. my i pte stco m/i m g . p h pTi d = u3b d q u ry ey &rd r=www. g 
Redirect URL: http :/y| www. gmail.co mf" 
Link: for you: 

| http ://www. my i pte stco m/stati cpages/ind ex. p h p/h ow-a b o ut-y o u7"i d = u3b d q u ryeySs h ow_i p =1 



Topics 

What's this 
(FAQ) 

Friend Sites 

Hosting 

Neighbors 

Blacklist IP 
check 



<Loj jjj Link for person lS^I j*^' j Jajl jll ^jouj ^ ^lJ^JU ^UJI ^qjq^ti IP Jl <jL^ <-! -1 

jj ^ Redirect URL: http:// JSaJI o^U URL u 1 jh^ -2 

.^JLjal J^^j j t-fl^Jl IP Cj\ iS±^& jl 'cs j^l ^q > ^i ^ Link for you ^ *± j** j-^l URL ul ^ "3 



Link ID IP Proxy Refer Dale-Time 

ZLcaeujba1f2 8593218204 NO MO 2012-08-06 13:04:44 

FIGURE Tracing id entity user's 




FOOTPRINTING TOOLS £&i~ti\ cjIjjS 2.4 



,3 i " a CjLg jlx-<JI ^a^. cJ*^ cIjIj^VI CjLdaixJ! ^jAxJI .CjIj^VI S^oLuLd (jj^>Ja (jc L^j ^Usll clA^ Footprinting 

FOOTPRINTING TOOL: MALTEGO 



http ://paterva.com :j^a3I 



. [intelligence and forensics application]^ (i^j olSilb j^l j^^JI ^jii* jj^kj j& Maltego 
% jUc Maltego . [Security related workjo^^ ^J^al&Il JL^VI ^h^J jlx^lt <J^^J "ml 

^Ldjojl J ^jjLd J^3l) Cljjlj^U Ajl^jll ^LliJl J 6<Ll3 JJJ^IVI ^<J1 J CjLoUajj^J! J CjI^JjoJI tAjcLdl^VI CjI^JjoJI 4(Jjjli3! Qll (Jl&^W ^JLlSI 

.cjULJIj <<jjLij3!j t[ a ffiliations]^^LujVlj 4 [phrases]^ '(IP ojj^ 'Netblocks 'DNS 

















fill 1 














Internet Domain Personal Information 

FIGURE 2.45: Maltego showing Internet Domain and personal information 
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cjU jlxJI (jl^j ^Jill (j^l j^Vl s^^tift ^!lkLaj| stat .Paterva c> ^hl ^A 1 ^tal ^ Maltego 

.CjL» jIslxJI CjULac. tilli ^ (j^cl 4-^^ ^-^j 6 DNS ^iUalual CjUjI^] .CijjljVI C5 lc ^L»UJIj jliLJI 

„ JJ^jll ^^jLuJl (J^^^J ^-^J 

^ . Jl£ 4^U3! Jj\j 6g -K ^ Application <^ 'Maltego 
Information Gathering -> DNS Analysis -> Maltego 

. Jj> uj^ l>* cSjj^tl ^hviml iAft a) V Jj> > >ntl Maltego ^ta^luiV J jVl s jJa^Jl 

4^Ui3l j^-ki Maltego V>j>^l 




investigate 

r bi ° c ° py 

£ Cut 

Paste Clear 

All 0 Delete 









Maltegc 


t Kali L 


nux Edition 3.3.0 


_ a x 




t-n s n M a r h i n 








s 




Welcome to Maltego! 
Startup wizard - Welcome (1 of 5) 



Welcome to Maltego! 

This wizard will guide you through the steps of setting up your 
Maltego Client for first use. 

We hope that you enjoy using our product as much as we enjoy 
building it! 

Please note that the Community Edition is intended for 
non-commercial use only! 



< Back ^ | Next > Finish Cane 



0 Show on Startup 



Latest from Latest blog posts 




https://www.paterva.com/web6/community/maltego/ 



Investigate 



t 


u 




Copy 




Clear 




Cut 


Paste 








All 


• 


Delete 






Maltego Kali Linux Edition 3.3.0 



Welcome to Maltego! 



Startup wizard ■ Login (2 of 5) 



Enter your details below to log in to the Maltego Community Server 



Or if you have not done so yet, register here 



Login 



* Email Address 



Password 



* Solve captcha 



Next ^» > fJ J j-> > > n\ l 



Next > Cancel 
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a <3a a 




Maltegc 


Kali Lini 


jx Edition 3.3.0 




_ a x 










m 





Welcome to Maltego! 
Startup wizard - Login result (3 o 



3. Login re< 

4. Select tra 

5. Update tr< 



i mohammed, welcome to Maltego Community Edition! 
sonal details 

First ric 



mohammed 




Surname teba 
mail address janateba@gmail.com 

p API key is valid until March 13. 2014 at 12:00:00 AM EDT 



ALTEGO RADIUM CE 
ALI LINUX 



[tP~\ Show on St 



:^Vl£ Finish £ ^1 J\ J^s ^ next ^ 




^ Start Page x 



Recent Graphs 




Ready. ..Set. ..GO! 

Your new Maltego client has been initialized sucessfully! 

3 new application server(s) were found 
123 new transforms were found 
74 new entities were installed 



You are now ready to use Maltego! 
(•) Run a machine (NEW!!) 

O Open a blank graph and let me play around 

O Open an example graph 

O Go away. I have done this before! 



< Back | | Next > Finish |Cancel| 



[*s] Show on St 

(run a machine) 4*-^ c> *A&*VI j*> Maltego J^i .cjUjkJI JjL ajJ Maltego 

(open a blank graph) j^a u> uj^j^ ^ * Jf^ u^ v^m^ l .V*^ <^ y?^ £ ^j^j] 

J j^. j t^Jaiall j t^j^ jJI Ai!>Ui3 Ajjj^aj ^^13 <jl Maltego * .wizard ^ ^ ^ la^j jl 

.DNS J^^J^jj) (j-a <L*aH dlli CjI^I JjoJI j 4_xJala ^^ic j\ iA 'nx a A 

:4JU11 ^a!\ f iJl MaltegO SjULaII (j^aaill CjIjUI ^Ip bUfel 

.o-al^bU ^jj&iyi ^jjJ! ojjU^ ^ [Associate an e-mail address to a person] -1 
>( j-aU^bU l^jII ^ [Associate websites to a person] 
.^jjjjiW! ^jjJI <> JL^I [Verify an e-mail address] 
c*Ui ^ Uj <> CjUjkJ! ^ [Gather details from Twitter, including geo location of pictures] 

.C— 1^ )\\ dJS^^ *LahViml (j^^la <*-^ jlx-<Jl £yz J ^ jqjVill "5 

I^I^JjojI j CjLg jlx-all £-<^> <^ IVIaltegO S^lc ^Vimjj .a t L^a j diaj I^qIa^LujI A)\fs <J>*juij j t jjjoiflj ^-ll^J V dil jjLtJl ^ht ^ 



-2 
-3 
-4 



dl^VI A udAlfrll (J!^. 6 J^^^ ^jLl^Vl (J^XJ ^ 
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MaLteqo KaLi Linux Edi. 




Maltego Kali Linux Edition 3.3.0 



Keep relevant NS 

tJ' Please select the NS reco 



j - rt^ » * 

^ it K K ^ 

:: /. f* ★ ' v? 



Pal... | 
<p Devices 
g Device 

©- Infrastr... 
©- Locations 
©- Penetra... 
©- Personal 
©- Social N... 



Main View || Bubble View f Entity List | | © || Ifi) | | ■ | | £ || |H f&, || || >■ | [~M 




ords you wish to keep. 
We will see what's shared on the selected 
ones. 



<K X 



NS records 



f^l ns2.google.com 



0 §a ns3.google.com 




snsl.google.com 



0 ns4. google, con 



Run Transform 
0- Run Machine 

Copy to New Graph 
% Change Type 

Merge 

Clear/Refresh Images 
Attach 



All Transforms 

DNS from Domain 

Domain owner detail 

Email addresses from Domain 

Files and Documents from Domain 

Other transforms 



All transforms 



Type Actions 



Output - Transform Output 



Received [1G19] results from RobTex 
Transform To Domains [Sharing this MX] returned 
Transform To Domains [Sharing this MX] done 



Copy 

Copy [as List) 
Cut 



Delete 



om graph 



maltego. D amain 

google.com 

inships 



= Property View 
<j) Properties 
Type 

Domain Name google. con 
WHOIS Info 
G> Graph info 
Weight 
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FOOTPRINTING TOOL: DOMAIN NAME ANALYZER PRO 

http ://www.domainpunch.com :ja^JI 
*uJ ^c. iiU^Jlj Sjblj ^UjV jj^j J^ull ^Uij ^ ^^jj j*> Domain Name Analyzer Professional 

j^l CjU^ t (expiry and creation dates, name server information) ^l^VI jf- 

.(TV 'NET 'COM for thin model whois TLDs) lsj^ whois 




FOOTPRINTING TOOL: WEB DATA EXTRACTOR 

http ://www.webextractor.com 

i^j jj^iyi ^j^) ^£ j^ii JL-a3VI cjUUj j^U ^ Jaxj <jla .cjUUJI ^-1 j^IojV stal Web Data Extractor 
(ajjoljj^)]! 4_aK3I *desc j^*-^)meta tag ^ jJI URL u^j^ c< 3^ j^"^ cs - ^ .^-^j-^V^ Cy* (u^^j ^ * a *^^j 

,til3i Ld J iQlA jA3| ^JallQ (jC l— laJJ 6*S Js*l\ jj^Xj] 

^jjjUc 6L_flj| j^Jl (*^J' JJ^V^ ^L>^ 6 U^^ J - ^ CttJ^ ^^>J (J' *<^AjLjJI SActS J] <J j5l ^^>?^ .a£jjoJ! CjIjUj s Ac IS 

[spam emailj^j^- cJ^-^j J^jj W**^ ^ jl*-<JI &aa .Ia£aj tA^jJJI ^ 4_ilklA3l ^Sl j-<JI 

<jlasu dlJJJ AS Igil La£ ,4_ilklAll ^Sl (jjjlic L^-^ 6<^jjuai3 ^jjl&lVI ^Sl J>Jl ^al^jSI t^J (j^aLkll Aj^)JI (jj.Vu <~i (J**^ 
J J.ft^ ^gJc Ij^lS (JjSj (jl ciLlc L_L^J tjjljlkl j/^ a tiljLliclj .<J-<i*-U JJC. diljUJl aActS <J*-?^ AjJ±aJi CjLuj JJ^l 

^ilajj] AjjjoJI CjLg jlx-<Jl <J£ (^5^ ^J-^S (jj^J (jl t . la>J ,CljL<Jal<Jl ^jc CjLd jlx-<Jl ^ '^aa\\ JjjoJI j£ ^_3lc. jl^xi j ^jU^jall jkl 

.ciujjjli AjLft*j ^aLkJI wizard ^ ^jj;^^ c_ ujjIj ^ jij -\ 



4c* Web Data Extracto 



File View Help 




□.pen S.tarh 



Jobs |0 I / |5 I 



Cur. speed 
Avg. speed 



bwssiun Mer.a Lag::: E mails Phones Faxes Merged list Urls Inactive sites 



Sites processed: □ / □. Time: □ msec 



URL processed 



Traffic received 0 bytes 



Size 



State 



< https://www.facebook.com/tibea2004 
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(jfLJ j <_i.i$]l a ohul l (jc URL u' cM4^ j» j«j j a\A\jS\ j^kia .ipa. session ^ New j ^* 1 -3 
^UJI jUiJI ^ CHECK BOXS ^ http ://www.certifiedhacker.com ^ 



Session settings 



Source Offsite links Filter: URL Filter: Text Filter: Data Parser Connection! 



Search engines 



Site / Directory / Groups 



URL list 



S tarting URL http: //www. certifiedhacker. conn/ 1 



Spider in — 

0 Retrieval depth 

O Process exact amount of pages 



0 






1 





0 Stay within full URL 

http: / /www. certifiedhacker. corn/ 



Save data 

Extracted data will be automatically saved in the selected folder using CSV format. You can save data in 
the different format manually using Save button on the corresponding extracted data page 



Folder C:\Program Files\WebExtractor\Data\certifiedhacker.com_ 



0 Extract Meta tags 

0 Extract site body 



0 Extract URL as base URL 



0 Extract emails 
[3 Extract phones 
0 Extract faxes 



□ K 



Cancel 



<u! <ULujjj cil^fkj j start ^* > ^ j ^j-^j^ t^-^H* OK ^» > ^3 -4 



• Web Data Extractor 8.3 



File View Help 



0 [Wl (£ 



New Edit Open 



Start 



StOD. 



Jobs 1 0 | / 1 5 | Cur. speed 
Avg. speed 



Session Meta tags (2) Emails Phones || Faxes II Merged list II Urls (8) Inactive sites 




Site processed: 1/1. Time: 12,00 sec 



Traffic received 20.46 Kb 



URL 



Information 



^ j Web Data Extractor has finished the session, 
* J You can check extracted data using the correspondent pages. 



v 





i Session j 


Meta tags (2) || Emails 


Phones 


Faxes 


Merged list 


I Urls (8)] 


Inactive sites 




ii^J ^ill ^Jj Save Session File ^ y ^ l&j^ V-^h ^ 
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ADDITIONAL FOOTPRINTING TOOLS 

Prefix Whols available at http://pwhois.org 

NetScanTooIs Pro available at http ://www.netscantools.com 

Tctrace available at http://www.phenoelit-us.org 

Autonomous System Scanner (ASS) available at http ://www.phenoelit-us.org 

DNS DIGGER available at http ://www.dnsdigger.com 

Netmask available at http ://www.phenoelit-us.org 

Binging available at http ://www.blu einfy.com 

Spiderzilla available at http ://spiderzilla.mozdev.org 

Sam Spade available at http://www.majorgeeks.com 

Robtex available at http ://www.robtex.com 

Dig Web Interface available at http ://www.digwebinterface.com 

Domain Research Tool available at http://www.domainresearchtool.com 

Activewhois available at http://www.johnru.com 

yoName available at http ://yoname.com 

Ping-Probe available at http ://www.ping-probe.com 

SpiderFoot available at http ://www.binarypool.com 

CallerlP available at http ://www.callerippro.com 

Zaba Search available at http://www.zabasearch.com 

GeoTrace available at http ://www.nabber.org 

DomainHostingView available at http ://www.nirsoft.net 



(gi3**Ji\ cjUl»ft <> AjUaJt) FOOTPRINTING COUNTERMEASURES 2.5 



J] l^al^iajl jSaj ^Ij^Vlj ' Footprinting W^jd ^ <JL>^ ( ali^ j ^ Footprinting 4^*1 cs^ 

.^jujLud^JI djUi jlx-<JI (jo c **&\\ ( . iiaj ^ l^ukj ^jj Cjbl i^iaW ^J&Lu l_a jjoj . Footprinting 
yr^ Cf- o^.j^ J s^ 1 * j>J j' Footprinting Countermeasures 

;^JU3I Footprinting ^ s^LjaJI j^IjSII 

.Footprinting Jl <^Ulla ^ ^ t> ^[router] ^) -1 

.J j^aII Jj-> > »n CjU^k ^l>ikj ual j webpage -^[caching] £jS>ail jjj^ill ^ d^JI ^l* -4 

-5 
-6 
-7 
-8 
-9 
-10 
-11 
-12 

.3^ j^JI J j^abU cross-linking j domain-level 4^-13 

IPsecj TCP / IP ^ -16 
.banner gabbing ^ us ^) -17 



.Footprinting -^L^l Jalilll j jjAxJI djt£j^JI <jiaaj3 a^l^c) (j^j ^jII IDS ^ I^LJ 
jjiisJl <LaLm^. djUi jix-<i <JI jjj Footprinting ^ 

.a^jUJI DNS ^ y^l^JI DNS ^ 
.split-DNS fl^lj JJ^I 

,^)lal ^ a\\ j AjcLgI^VI ^ ui, Vigil (j-Q ^Ld^JjauJl cJ^^^ ^ allai ^ J c fl-j^J 
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FOOTPRINTING PENETRATION TESTING 2.6 



. JjljlkVI J^-f^l CAjjil £xa ^ia^I^aII 1 * ^ iklujJ Jill tiltil 4_SjLu» daLlj^J ^1 I^LujI J 4£jjuall jl ^Uaill (j>»l jUl^.1 .(J-**!! 

.Footprinting J^ diL* jl*-* <jc t Lia£li Jc Ij^li ^l^ll <jl£ tit La jjljlkVI jL^-l ^j^-] cs-*-AL9 

<>» ^ jill 11a c5^>» Ja*j <f&ftlt c> s- 5 jl^VI I^a J .iSijill <j*t jl ^Uaill fjj&j aLjoj j [Penetration testing] <jl j^VI J-£^l 
.AjiftVI CjI^suII Jc jjS*1I lS^I l>° ^-i^aj^H L<» <J^j ^Uaill ^1 jlkl ^jjj c _^.jLk j ^ & ojUjcU [pen tester] j^^VI 

FOOTPRINTING PEN TESTING 

djl^jJoll Jl* djjSjVI Jc- jj^xLaJl <L^iiaJI ^auajjAll CjUi jl*.* 3jt-uL ^j^i3 ^^kjjoaj Footprinting Pen Testing 
L_a^JI jj<s 3^.11a1! <juj! ua^Ji djUi jix-<Jl Pen Tester J J^ll £>i& J .^j^^jjoiaII j cjVqnWill j JjxjuHII 3 j 

2_a^1 (jjlall J£ ^l^kiujl J jl^j jl aJc Pen tester .^W^ u' ^ ^ ^1 iiis Pen tester 
c> 3j1 Pen tester ^ bl . Footprinting Pen TestingjW 1 ^ t> c5^Vl ^aJI o^^l £A*jl*-*JI t> 

jjjii CjUjIx^II Jl^^j t a*\W CjUjI^aII ^ j jj* (j) ^^Ic foj^j* ^Lud^JI CjUjI^aII 

U Pen testing JLh^V) jU^I f Ij^I bt> 

^ jAxll 4a11 a! 1 ^1 (j* DNS ci^^ £^-^0^^ ^Iftl till jSjj 

cjljJaaJI ^UjI ^^ulj .4 oil cjljJaaJI ^ JlaUlj <>»Vt jW^*^ ^h' j-^I j& [Penetration test] (jl j^Vt j^^l 
:Footprinting Pen testing <UjSa11 cjljklll .jW^^t (> cr^t (> <^ J^^' 

(^J5Ut o^lj^l ^ J>^aJI) Get proper authorization i^j^l SjkaJI -l 



c> ^J^^ o^j^^ Jj*-aaJI ja Footprinting pen testing c> ^j^^ ^j^J' u!^ *lil .lP] Pen test ^ u ( 

.[admin] ^Uaill J jiu^ Jio t^jj jIolaII ^j-aL^VI 
(jajjlill jUaj ^i^j) Define the scope of the assessment SjkaJ) -2 

1 ^ t tillij <£jJa3l ^ ^IvAfi ^ <c. j^^ a ^AaJ ^aJJ^jli (jUaj .(jljl^-Vl jUl^-V (3f Jabd -^J^ jA ^aJJ^jll (jUaj 

lalaaJ ^j) ( . la>J t^jUaill ^AaJ ^J^^ .Pen tester ^ ^ .^H^ ^ J 6 J^^'^^ lfr*l<VVlml clA^ ^J^ J 

_<illk-All Footprinting djUiij ^l^klajU a^J, uiaJl CjUj jIslaII 
(diaall CjISja^ Jjjla ^ Footprinting Perform Footprinting through search engines :^llul) SjkaJ) -3 

3 ^hi^ t Jj^ CjUjkJ! B t*Ui Uj t Pogpjie 'Bing 'Ask t jAb ^ Jaja Jl« d^JI jo Footprinting 

^jojU^JI J til^cLaij (jl 1 ^ i£ jll j ,^cll t^gateway)^^^*)?^ jij j^-^ Jj> > >n cj! ^ q > ^ t^jjjila j-<JI J^ 3 ^ Vi^^l 

# l1jLa^JI (j>» 4 a ^jj a ^1 ^j| (j>» Ia^)JC.j AjcUu^VI 

(AjjjjjSjyi gSl>»ll cjfr ^jUaiutfl f ui) Perform website Footprinting S^laaJt ^ 

'BlackWidow 'HTTrack Web Site Copier <JS- ^jjj^V 1 Cf- ^ 

.4_jjIasla1I 4jojH^1Ij j>JI 4_iLj^aij pUjI tilli Jj U»j ^Webripper 
( Jjjj£1VI ci^l ^l^l^b £!>Ual^n Perform email Footprinting :<^»^JI SjkaJ) -5 

« PoliteMail ^eMailTrackerPro lS^ cj! j^I ^l^l^l JjjL ^> j jj^lV 1 ^^^U ^^la.VI 4^ ^bl 
jll j ^Ui^VI <^^ll pbV ^ jail ji^ll Jj^ cjU jlx^ g^aJ .cilli Uj 4 Email Lookup - Free Email Tracker 

(^uilloil ^ cjUj^a Gather competitive intelligence :<^^JJ SjkaJI -6 
https://www.facebook.com/tibea2004 A^Ia ^^aa^a 
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^ j 'Business Wire 'SEC Info 'Hoovers ^ flv^""^ ^ j^nH CjUJii<JI/cijl£jj^3l ^ ajjIJ jViniVI CjU jk-<JI 

4i«ajS iiilS) Perform Google hacking SjkaJI -7 

^ jill >JI J ajI^Vi cj! jiull .cilli Jj U j <SiteDigger 'MetaGoofil 'GHDB ^1 ^l^i^U jS 

(whois ^tjS ? t±kl^L £&*Ji\ hL&) Perform WHOIS Footprinting Sj^l -8 

j ^jojI Jia djU jlx-d J^ J ja^JI a) m( jix-A J j^. CjU jix-d ^Ij^IujV WHOIS Footprinting 

Jl* djlj^ .tilli Jj Uj tc5 j jj^V* AD**' «<— ^taj c*Ui J Uj ^ JL^jVI Ji^lii j 6 J^uoiJI ^juoVI j^3l cillU <xJ tip 
6 ^ ^l^ki^l td&Aj CjU jkJI d^a ^-1 jia^l Jc cil^La£i Activewhoisj Whois Pro 'Country whois 'Smartwhois 

(DNS ^tjS £>tkL^t Perform DNS Footprinting :**-uA^t Sj^l -9 

0^ j« u j 'DNS record 'NSLOOKUP 'DIG ^1 f hii*b DNS Footprinting *bi 

(4£±ZA\ cp. IAj& * bl) Perform network Footprinting :S>iUi) SjkaJ) -10 

^ j 'Network Pinger 'VisualRoute 2010 'Path Analyzer Pro ^1 ^l^i^U Network Footprinting <^^5 

cjI^jJJI ^jc djUi jlx-dj (jUaj ^jc t a.^<u ^ ^xujjj Network Footprinting .^^^ a£jJo13 ^Jaj^k ^UijV 

iiilS) Perform social engineering :^>^ SjkaJI -11 
^ cr^^ dumpster divingj shoulder surfingj eavesdropping CjU^j ijiis 

cjI£j^JI J!>U (>) Perform Footprinting through social networking sites ^h^I SjkaJI -12 

J!)Lk ^ ^jUujjI C5 ic J jj^aJI c _^j3I c v^ll ^LxJaixJI C5 ila ^^Ic ^^.Uu^VI J^ 3 ^ £^ Footprinting *w 
6 jjjjj 'Linkedln ttiljxualilt Jl^ 4_icUu^.VI cjI£jJo3I ^\ j>» ^^ic a_l> kSJI aL> cjUj jlx-<JI ^a^. ^^ucUu^Vl ^jujA^JI 
t5 lc. J jj^a^il di^j (jjjUll ^l^klaal Ljajl .ajcUu^VI ^i^JI pbi ^ ^cLoij ^1 j ttilli U j Pinterest '+J^j^ 

(gJUUI ^iaa Jjjjj) Document all the findings tiHtiS SjkaJI -13 
aj , jUlkVI ci^-^^ ^^j -0 <-S^ ^ J j> ^i^ll c _^j3I djUi jIslaII ^Jjj jj j ^a^. j ^Pootp rinting ^ djLuij J£ .^il ^su 

LdAic ^''LildVI CjI^suII ^^ic JjSix-Sl ^ t^A .Ai^Jjab<Jl 4^<Jal<J3 ^^-i^VI ^J^a jll cJj^'^J ^jlj^ Alii jll o^A ^1 I^JLujI 

(JlJiiVI jbSil ^ jijlii Ji^Mli) FOOTPRINTING PEN TESTING REPORT TEMPLATES 

^LujI uiaJl djUi jlx-<JI c . Pen Tester ^-j^j .4jouojja3I la^ ^ J o-^Vl j^*^ jW^-' ^'^^j ^ ^ *^^ c ' 

^jc djlcliJl ^Uaill l!^^ 4_iLaC . Footprinting^-^ (S^- cl^ J J^- Jj ^(Jjju^Lill ^Uaj ;^^Lk!l Jjj^alij Jld 

Pent tester j^j^ .Pent tester j^j^ ' j^j^^ J 4_nxJI ^LjaJ! j^l^ill ^ Jj Ui^ c ^ > ^ 1 JaUj ^ jj^ jVl 
l-uILojIj tl^j cIlqS jll CjIjUI^VI ^* jj l!^ cJ.y ^ ollSt Jc ^jli^j j^a (J^^ jl a£jjoJI ^jljlkl CjljUlkl ^.tal Asu diL j^j^ 

lit 
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rrtorrrution obbmed throuc* 1 se»rch erifin 



Inforrnuattor* obtained ihrough people <w>arrh 



InrforfTMtion obtainedthraugh Google 



Intormatw 


n obtained through email fpnoj^ripfirt^ 


informario 


n obtained Throught ompetrtiw 


■ i nteH tag en -re 




r 


A * 

■■j Projmrl p 























■pan 


Information obtained through WHO IS footprint! ng 


Information obtained through social engineering 


j^j from a in n ame details^ 




Personal information; 


|Q Contact details of domain owner: 


■ 


Financial information: 


uomain name servers: 




Operating environment: 


|Jp Net range: 


ts 


ihif tnnii mil password c: 


^ When a domain has been crested; 




Network layout information: 


■ * Others: 




W addresses and na rnes of servers: 


information obtained through DNS fbotprirtting 




other*: 


location of r>MS servers; 


^ TVp«off«w»: 


€theni 


Information obtained through network foot printing 


Information obtained through social networking sites 


^ Ranee of IP addresses - 


■ 


PerSGnal profiles: 


Su bnet mas V used by the target organization : 


a 


Work related information: 


jdf OS's in use: 


a 


News and potential partners of the target company; 


Firewall locations: 




Educational and employment backgrounds: 


**** Otfwn: 




(Mm 





OTHER TECHNIQUE OF INFORMATION GATHERING WITH KALI LINUX 2.7 



aAa*1 4 ^ > ^a Information Gathering u^j^ cjIj^Vu <^ ^ 5 ^ jj ^jj^ 

^^Jc e-j^JI j^jjjuj .djUi jIslxJI A^cLaW l_u3LujVIj CjIj^VI A_ilasu3 ^ - gaiLo UU£ ^Lgj ^ji (j^-dj .Footprinting^ 
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7 



Wed Mar 5, G:Z8 PM 



. Jlir, Accessories 
y Q ELectronics 
Jjj^ Graphics 
fu Internet 



laUa Office 

Programming 
bui be und & V deo 

^Q? System Tools 




> ^ 



1?- 



Vulnerability AnsLysi 
Web Applications 
Password Attacks. 
Wireless Attacks 
Exploitation TooLs 
Sniff ing/ Spoof ing 
M aintaining Access 
Reverse Engineering 
Stress Testing 
Hardware Hacking 
Forensics 
Reporting " no Is 
System Services 



□ N S Analysis 
IDS/IPS Identification 
Live Host Identification 
Network Scanners 
OS Fingerprinting 
OSINT Analysis 
Route Analysis 
Service Fingerprinting 
SMB Analysis 
SMTP Analysis 
SNMP Analysis 
SSL Analysis 
TeLe phony Analysis 
Traffic Analysis 
VoIP Analysis 
VPN Analysis 



Applications Places System J >_ f 



Sat Feb 15, 5:16 PM Jt± 



r ^ Vulnerability Assessment 
'0L Exploitation, Tools 
»- Privilege Escalation 

* H $ M aintaining Access 



* 'Z * Network An a I y si 
Web Application 



Database Analysis 
Wireless Analysis 



* ^^j" Reverse Engineering 

RFID Tools 

»- 4£tt Stress Testing 

<r^^ Forensics 

I Reporting Tools 

I ^3 Services 

"p' M i s eel I a neous 



*■ i 




ack 




COMPANY WEBSITE 

A m, Vigil Cjl j (_£^)^.VI t*V^ ill ^ J(S >1 L_fll^VI £>i& ^ Ai <aJ (jl .^JJ^I ^jl J-^l J c J^l (j-a e-LjacI j 6<LgIsl1I uall j 

J jj^a jll (j-a diaJI ^Iaj dujiiyi robots ^ <uLlj ^ kxj c _^j3I ^al j-<JI ^ ^j^j <-<»l*I3 ^-ll<i robots.txt t *°^^ 

4_jlc (3^^ ^ j '("search engine spiders"^— 1 ^^ ( . & cijl£j^<i ^jujU Uiajl ^^>*j ill Cjl^^p^J dAiLJ! ^1 

. The Robots Exclusion Protocol 
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L_fl^A ^USiVI JJJ^LJI e-lkcb IgJ&Laj (j£-aJ 4ciUi ;4jjoUJj3I Ch\ lla all ftjb j 4jjI£*I ^Asu ^flj^alall Jf^ "/ I Disallow" J^*^ 

.<LgLxU 1 (jj^J <ljt-aJ 

^^13 "robots.txt" j^*^^ L_fljjjaj ^ .<-i^JI ^j^U c5 >M jl^Jl ^ <Jc- jj^ 'Robots.txt lP 3 j*^ 

" http://www.facebook.com/robots.txt " icPVIS Jli* 



I f3 http://www.facebook.com/robots.txt 



# Notice : 



Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 

Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 

Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 

Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 
Disallow 



z : baiduspider 
/ajax/ 
/ alfcum . php 
/auto login . php 
/ checkpoint/ 

impor t e r / 



s/ 



/file_download . php 
/l .php 
/P - php 
pr.ccc -php 

/photo comments . php 

/ phoco_search . php 
/photos . php 

Googlefcct 
/ajax/ 
/alb'jir. . php 
/autologin . php 
/checkpoint/ 



nload . php 



'feeds/ 
/file_d 
/l .php 
/p . php 
/photo . php 
/photo_oomments . php 

/photo search . php 

/ photos . php 

/ajax/ 

/album. php 

/autologin . php 

/checkpoint/ 

/contact_iitporter/ 

/feeds/ 

/f ile_download . php 

/ 1 . php 

/P - php 

/ photo . php 



THE HARVESTER: DISCOVERING AND LEVERAGING E-MAIL ADDRESSED 



jjiAj ^jjllj^ JUi j dujjSjuj 4_&3 j aI&c lajjaij Harvester .^UaiuiVI cjLLc, ^ l^l^kioaV sjli^ obi Harvester 
^jjjjilV! ajjJI ojj^ y& * ^ ^ sbVl .[Christian Martorella] ^ujj jj* o^j^ *jj£ 

,Ua^j 6jjaiU^ -iaiijj ^^l ^j^^)^ o^* j^IA— ^-SUajJI j 
_ JjaisL l^L<Jij| jj^j ciij iaj C5 ic Jasu c— ia ill ^jaxJI <jV <^lbj Harvester Cy* A ^ > ^ cj^.! a I i^iLujI U^b ^ all 

^cjtnll lj>laJL diaall CjI^j^g ^ j£j idjVLaJl (J^» J ^ ,<Sl*i jjc. 4-JVl CjIj^VI ci*^ U' t*^;ll cilj^x* til jluil Aiiikll CIjI jjj*j!I 

tikidj jl J jUj jl l^jLi ^ [throttling techniques] cjb& ^vimi dj^JI qa aja*JI Liajl .c*ll aj^jc JjS 

-L5 JVI ill CjULaC (Jji-uiJ 

j jqj i h^l lj t ^jjjilVI ^jjJI JjI^ jl PGP ■!! ^j^j < (Bing)^ 6 (google) J^j^ ^ < *^jll W^^*^ Harvester 
jilxj ^Ull <Ja*^ .^. vVinirtH *UJ jo Linkedln biajl . (subdomain)^c- jail cjISLLjIIj 4 (hosts) 

^ jjj^IVI ^jJl (jl J^C ^l^klajU <Lal»J! CjUVr^ll JLojjVI jiaLk-d JjtilU UJjalj ^3 jjc. (j^aLiJl ^ jjj^IVI ^jJI (jl J^C 

jl t(VPN) Virtual Private Networks 'Secure Shell ^cjU^k aJ brute force J*^ ^ 

.(Scanning) 2 s j^Ji ^5 l^i^j lJ*j^ 4 (FTP) ^jULJI Jlj J^jjjjj 
.theharvester j^ljVl JliajSlI sialj ^ Harvester c^j Jj^»j^ ^j^^ . J^b obi j& Harvester 
^ l^jlc- jjiixil (c5j^Vl CjIj^VI UjjSjj) Harvester 'ls^ ? ^L^l j ^UjJ3 J^l£ll jL^I <^L^ ^ du£ bj 
^^Ic ^jIL^j ^ill ^^joLjjjll ^la A\ ^1 J jj^a jll obi (j) JjxjuHI ^ttaJ Asu ^3 <j| ^^^jll ft (jl 4til3i ^ ./usr/bin/ N V ^11 

. j^VI J-i* J^3I ^iij ^jii <LLouj t*lj| dii^ t*Sl jj cilUll Jio CjI jjVl 

^Uil j-4]! ^ SbVI dift Jjaaj (illLajfl till jj <ilb jl jji c^j^l J^jj^ J U'^ljl J^*-^ J-**^ ^\ 

http ://www.edge-security.com 



https://www.facebook.com/tibea2004 



120 



$./theharvester.py©-d©syngressxom©-l©10©-b©google 



$theharvester©-d©syngress.com©-l©10©-b©google 



root(9 j ana : ~# theharvester -d syngress.com -1 10 -b google 

* i i_i i_ /\ /\ i i * 



* i i ■_ \ / _ \ //_//_" \ ' \ \ / / _ \/ i / \ ■ i * 

:,: I LI I I I _/ / _ / (J I I \ v / _/\_ \ | | _/ | 

I \/ /_/ W \ II /\_\ l_l 

* TheHa rvester Ver. 2.2a * 
:f: Coded by Christian Martorella * 
:+: Edge -Secu rity Research * 

* cmartorella@edge-security.com * 



[-] Searching in Google: 

Searching 0 results... 

[+] Emails found: 

solutions^syng ress . com 
ch risdsyng ress . com 
salesQsyng ress . com 

[+] Hosts found in search engines: 

198 . 81 . 20G . 14© : booksite . syng ress . com 
79 . 17© . 91 .51 : www . syng ress .com 



. [Hosts] L)^^tj[subdomain]c5^jiJt cjliUaUlj Jjj2£ty) jjjJ) & £iaaJb ?Jsu j^Vt )ja 

^^klaLj .sbVI *\^suy "theharvester ./theharvester.py" ^v^nj .^LJS ^jSI j^VI d^aj U j&j tSbVI 4J^Ll<> <JjS 

10 ^jj SbVl ^ jli 4<!UJI £>i& .LI t^t^j) ^jj Jll ^uLill ^ iaJ] [-1] ~ ikl^ .cJ^JI j^j^l \: [-d] 

CjUUJI jAj^q ^ l^stift ^jSj ^3 bj .l5^ ja. ^l^klujU diaall Ujlkl t Jllall bA J c*Ui j>» j^lj 'Linkedln 'PGP <Bing 

^jaxJI ^j^j JUi harvester clA* 6 ujj^ .^-^ ^ tfcbVI ^Ia^LuJ L*Laj ^ij c±j| jVI 

." www.syngress.com " j " booksite.syngress.com " 



t^tS ^ij (metadata) 4j*-ajll cjLLJI ^IjaoJ sbl ^ MetaGoofil. MetaGoofil cjUjIx^I sjli^ ^j^J abl 
(JiL<» iiLau> ^Laijl /'CjIjUJI (jo cjUUj" L^ju jll CjIjUJI L_fl^su Ui Ullc. .harvester I j^j^ u^^^ <j^aLkjuiVl 

£>i& J-<u25 U» Ullc. > flL&li J^b I^jj j AjaLiaj djUUj ^Luijj ^jj ^PowerPoint J cs lP 3 ^ Microsoft Word 

^LgjojI i j^^jjaixJI s-LgjoiI <il3i Lftj 4i^jjoa>JI 4^<Jal<JI jc D^jjill jl^aVI j^asu ^SLi ^ CjL» jIslaII o^lja ^^ic ^.1^<J! Sj^S 
c^jjliVI ( ,fl ^ v; sbVl gJfc MetaGoofil .^^Jl ^U^Vl c> L* jj£ j tA^jLUI CjULJ! cj! jLu^ t^UJI j! jj j;U^I 

V j Jj^aalL ^jli MetaGoofil 6 c3^^ 6 ^ ^ o-^^Ji cJ^Jl ^^ujj Jll jit jc^ 
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lS^»-^ j J^j^l oiflU J^l^. 4^!^kjjuj| (j^-AJj J^ ^— MetaGoofil .o^LJI jJI cAjUJI ^•ij^i.^i 
ls* & MetaGoofil ^ J*** J) <J*^ <-)^ t> j' (^ti^ jj* j W^)" metagoofil" 

./usr/bin^V^ 

: Jlsll j*Vl jl^j JjjL MetaGoofil 



root@jana:~# ./metagoofil.py©-d syngress.com©-t©pdf,doc,xls,pptx©-n©20©-o©/files©-f©results.html 
root@jana:~# metagoofil©-d©syngress.com©-t©pdf,doc,xls,pptx©-n©20©-o©/files©-f©results.html 




^j^l ^j^j] [-d] ^l^kiujl .MetaGoofil yr^ 1 ^ ^suy metagoofil (> v^ .. n . j*Vl li* J^Uj J d^aj Uj^j 

.aL^j j &^LaJ 5J jU^» MetaGoofil c> yr^ ^iLJi ^1 jj] jl ^jj ^1 Jrt^l [-t] ^I^IujI a lJ^JI 
<odpj <pptj xlsj doc <pdf a f$&\ l> ^AjIjJI ^1 j^U ^ s jiS MetaGoofil 6 ^ 

^jj .(cjlaLai^ j) ^L-^ll ^l^klujU ^ jj J£ Jj^aa (J^j^ 3 <*-iLaL ^1 jjI Jl^j *j .pptx <xlsx <docx <odx 

JjAiall ^a^kludj I j^l MetaGoofil djliLJl <j£ (jjj^J L — ^ a\\ ^j^j] [_o] <J^f^ ^Viun .t^cL^j] ^jll 

^cjIIj (j^ajc Liaj! MetaGoofil * ^jjaljiial .^Lojj^ill j <l^aj j^iuiii aIsi j Uijj li^ <. al^ ^j^il [-f] 

laid CjI£1a2) £jl jj^a] [_f] j ci^J) (jj-<a Jji^a] [_(|] (Jjjjjju]) I^jla - laJL ujj goofile ^ J dUV) di^j *Uj*ui dU) ±^ jj 

THREAT AGENT: ATTACK OF THE DRONES 



jjjJaj Ssj .ThreatAgent Drones j u a ' ^\: u?'^ j tgOUaiuiU j±\ jlrk 

https://www.threatagent.com 

giljJI t> ^l^luil JiLk j> Jlill ^jLowJI OSINT (open source intelligence) J t*Sia.L ThreatAgent 

La£ (jUaill ^jujIj <jauaJj>Jl ^jojI j& A ^.llaJ c^^l jl! ^ c _ 5 juo3I ^aLkJl L_fl^Jl (jc (ill! J-dl^ t flLo ^LodV CjUj^illj ^ alia all 



^ https://www.threatagent.com/ 



- C 1 I | H~ Google 



^1 



THREAT AGENT 



Tools— About- Training- Plans Our Blog Videos A janateba@gmail c 



DRONE 



Drone assists information security professionals i 
gathering open source intelligence for security 
assessments. 
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DRONE 



Open Source Intelligence 




i IP^jjjUc djliUaj (jc cilli Asu till IjJJ^J fSL c_a jjoj j-all c qVi^ ^ ^jc CjLg jIscaII ^-1 j^hul ^ DrOIie ^J^i 

. tilli ji&l j t [ShodanJ^- ^ j^Jl (ports) iaLLalt j ^ a^aW J^ta JL^jVI ^-g-^ j ^jJl u^j^- j 

JJ-U 

.^jUj <j^a I^A £2 4a]| J^a jj La ^Jj jlajj 

* H Map B Analysis © DNS Email Wizard EJLinkedln 0« PGP Email Q Search «> Shodan if Twitter © Whois Q Report 

google Asset Map 



We use geolocation data to plot well known hosts, humans, and Shodan results on a world map The following map visualizes assets associated with GOOGLE 
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< a Map B Analysis DNS 


/ Email Wizard 


S3 Linkedln <*< PGP Email 


Q Search <S> Shodan 


* Twitter © Whois Q Report 




google DNS Enumeration 










The following hostnames were discovered via 


DNS Enumeration 










Hostname 




IP Address 


City 


Country 




academico. google com 




74.125.228 50 


Mountain View 


S United States 




accounts google, com 




173.194.68.84 


Mountain View 


■ United States 




admin.google.com 




74.125.228.34 


Mountain View 


■ United States 




ads google com 




74.125.228.41 


Mountain View 


■ United States 




alerts google com 




74.125.228.40 


Mountain View 


Si United States 




1 Subscribe for All Results | 










94 Results 



* S Map 1 Analysis Q DNS ? Email Wizard 03 Linkedln PGP Email Q Search «> Shodan * Twitter ©Whois Q Report 

y google Email Wizard 

Email Wizard allows you do perform possible email address permutations based on Linkedln information 



0 Email Format - 



) Send to Phishable 



First Name 


Last Name 


Email 


Nichole 


Wade 


nichole wade@google.com 


Life 


At 


life.at@google.com 


Eric 


Schulman 


eric. schulman@google com 


Matthew 


Worby 


matthew.worby@google com 


Larry 


Page 


larry.page@google com 



Subscribe for All Results 



< S Map 


B Analysis 9 DNS 


y Email Wizard 03 Linkedln PGP Email Q Search 


<S> Shodan * Twitter Q Whois Q Report 








09 google Linkedln Accounts 










First Name 


Last Name 


Title 


Locality 








Ido 


Sela 


Ido Sela Senior Software Engineer at Google 


Greater New York City Area 


03 


a 




Alii 


Stewart 


Alii Stewart Technical Recruiter at Google 


Austin. Texas 


03 


or 


© 


Michael 


Galpin 


Michael Galpin Software Engineer at Google 


San Francisco Bay Area 


03 


□r 




Jonathan 


Jarvis 


Jonathan Jarvis. Designer at Google 


Greater New York City Area 


03 


or 


© 


Sarah 


Magee 


Sarah Magee Admin Assistant at Google 


Ireland 


03 


or 


© 


1 Subscribe for All Results 1 








529 Results 







DARKNET' INVISIBLE WEB' HIDDEN WEB DEEP WEB 2.8 



.diaall aA\ Jx^j V ^il! CijjIjVI ^5 * ^V^IS a Ll^ll CjI jiuJI ^^Ic "deep web" ^ J^j ^ 

^UjouIU ^LdUl ^^ic ^ jl^xJI ^ ji&l 6j-<i 500 j .s-ijj CjUi^k ^HTML ^Laj j> ^ j c^-^- .[hyperlinks] 

.2004 ^LuL^a^J c_bua^ deep web dAla ^ jI^j j 2001 ^l^a^V 

dujjjVI ^ ^ laJLud^ ^ia» a \ g AxJ A m a dlLd^k ^^£3 j-all ^ 1 uj ^^ic j& La <j£j J-^l .^c^ 1 ^ £^ J - ^ 
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: JVt£ DEEP WEB 

(csi-^l CijjijVI) HTTPJ^ c> ^1 cjUq>^l :[ Dynamic web pages] 4-A%-aLLi]| ^yjll 

^L^jIojI j l_jUM3 <Ja» c— laall <^Jjj^a jia^i Jll ^31 ^31 ; [Blocked sitesj^j^^^l jaIjaII 

< robots.txt^l* cjVU^I J ^pragma no-cache HTTP headers < CAPTCHAs^^^ c&J^ l^uji^ 

t JUaII ^J-ijjuo Jc 

ajj jAixJI tiliaall djl^j^xi ^laii j <^ij^a Jailjj V jll cjLa^all ; [Unlinked sites] jjp jsIj-aJI 

.Wj dj^»j^ ^JUia.! c> [Web crawler] 
.l^JI J j^^ll log-in/passwordci^ jSlI j Ja*^' c_Jkii jll cjUi^JI ; [private siteJ^a^Jt gSl^l 
JjjL J^jl! <cJJil* Jis J ^j^JI :Non-HTML/Contextual/Scripted j^l jSIjaII - 

.(^.la^a IP JjUaj) Axux-d (jUjoJ ^^A jl t^jjj^lfl jl dlJJj£jaj ULaJl 

t> I^jIJ J jll V j5l ^ Jc ^ jjauJI ; [Limited-access networks] J^ajit Sjj^a £M±& - 

:DNS-^ u/ift^'i* oA^ qn^ill (jjiU 

</*) ls >M (DNS) *l*^VI J 3ia^ cjlaUaj *uJ cjli ^81 ^ : Sites with domain names registered 

flSjVlj ^lAjujbU dujjjVI cJ^ c> 'UaluuJl Jjauaull ^l^klajU IfrLajuiS jll ^Jfc £>i& .(TLD tllSUaj 

.j ^jjJaJ l *UJ (ICANN) 
ICANN = Internet Corporation for Assigned Names and Numbers 

CjUiljaj tlpaJl (jC 4_Ijjjab<Jl ^Aj I ICANN CS"^J ^ J C5^^ (JjoiLujJ £JJJ 4_JjJaljjaVI CjUjUaill s-LgjujI 

^j^SI J jaiLaul l ^jojV Ua j DNSs <^lj* ^ .('^* j 'gov <edu 'com ^ J^) TLD 

.ICANN ^ V dASLkjJt ^UjujI Ja. Liajl 4 ojj ICANN ^ ls'^ 

Uui ^ICANN c> AjaU^aj djU.Laui jj^j ^jSI a DNS ^-jl^i^ JK^Vl t^^ll ^ji-oj t*Ui ^ 

4-lIlaJJ D^A djlalkill ^UjujI Ja. jJa. ^ .^5"^^ TLD ICANN V V^-5SJ j CjlSUaJ ^UjojI Jj-v i oJJ ^r-^uLj 

(Jja i oj] ULia.lj tl^jiau (j^J V 4_1^_juj Aijjajj 4(J£juj UI^JI (J^axJ ^aJ^ 1 * A ^j^^j to^^^i DNS ^ ^I-^^mI 

^1 jj ( jiVin gyjll Aji^ill ^iiJl ^ l g ^ l» ^ ,, i t ^ gilj^ ^ :Darknet and alternative routing infrastructures 

^ jjjoui ^^ic <9JjJalouJl ^Sl j-<Jl jl AjUJA [TOR'S] JJ^ ( -— ^a-laill <£l<il ^j^i .IgjUjI^ a jj^ jll S^Aa^o 

Jaxjj I2P j TOR djllifSaj j jj&<v>N <a.H<JI j a\\ DNS ^1 c> c> lS^I DNS ^1 J^- ^ jj^*^^ 

l-jjjoij j ja.j JaaiU dia /ojj^AxJI dAjjla aII Jj J jll jAixJI l— ia ill djl^^a^J ^j£-<uJI 'SOCKS proxy 

qia jVc3^aj ^ill j ^tor2web gateway J^ij c-j^ I^a j d±aJI Darknet ji*-^ ^ j jal^ 

/ojjoiLi^ ^jiia^Jl CllLoJlaJl ^al j-q ^ j'i^> <oi <J jj^ jll 

:TOR2WEB 

http://www.tor2web.org/config : j^-a^ll 

ajj (deep Web) ^ S-^J^^ J -0 J diaJl <j£^u3 Ja. ja. JLft <JJ jj£jx]| diaJl djl^^)a-AJ ^JJ (^^jua^ j^)J ^jc 6 jUc 

.JaJjll <9JjJa <JJJJ ^3 J>JI Jl (JISSjVI (JjJ^ 3 ^J^ 3 ^3^>«-^ 

^ liA jSl .oflU. (J^ki ^l^klujl jj^j ^UJ! ^L^alJ I J [.tor2web.org] ^I^VU [.onion] ^l^l*VI JIajI^I j& tSlli 

,ClljjjjVI (j-Q ^^^^ £>Jl£J (j^alaJl (jjl^H ^l^aJLojl ^jc ^^-istJ 

https://xzzpowtilobho6kd.tor2web.org 1^ https://xzzpowtilobho6kd.onion 



https://www.facebook.com/tibea2004 A^Ia ^^aa^a 



125 



(DEEP WEB) *UiM J> Sjj^aII c^jSjVI Jp ^ iju 
.Freenetj 'I2P 'TOR ^ ^UJIj c> <JS1 jjjJI JL^jVI ^3 4jmnj cj!^j < jVI 

#i <>aj I4J j£Loj 4JbJ) £a\jjl*1\ j TOR ^! j jU^Vt lP! ^ ^ oJj^Vl c^V) :4ia jala 

AjULU jLupV) oIaj V TOR jjuuaj cJIIaII Jj_luu J^) L-yji]! JjSIulaJ) ^ JjnhMI 4-LlS JjIJj ) Jl ^Jjj 

TOR^ 

J jVl s ^ .[U.S. Naval Research Laboratory] *£u*Vl ^j^ll jf^ <> J^Vl J TOR ^ j 
(jVI 3*000 c> volunteer nodes c> J^^t c> ^ja^ll cjVL^j^U -olS .2002 ^ J 

# a£jjoJ1 CjI j^I ^j-<i djUUJI jjj^ ^j^ e-^^-j clA^ ^U'V 1 Sj^-« CjI AL 4.1^. jj ^jc jjjoixJI 
^1 c_>VL^jVI J^j TOR ^ .SOCKS proxy <^ lU^ Jll Jl t^jftfl ft ^wlt ^Ij^j 'TOR t> '^Ul^^U 
^jj ^< u*\\ J| J j^JI JjS .Sjjta Jj£jaa3 Jl jjojlSI ^jIjj <*-ili(node) «^x!l j^i^ tjyj^ ^-^j^V^ a< "- ^ ls^ 0 j^j^/^-^-^' 

^ijj t^^kl Jj 6^.1 j [relay]^^" ^^jVI lT^- el) - * .s^^a^ s^Sc <J£3 j^*-^ ^taLall ^Ia^LuAj jj£Lg J^-*^ l-iIL <J£ jjq>*>n 

Llj^i) Jasu CjliJai) JJslLj j^iuuil (> AJVt di^ JLuP) 

^1) TOR * jj!^ J s j^Vl SjSsJI SjjL-a I^jL ^ jj ^jjuj TOR i> ^^Sll ^itui jiL ^ili ^SLII/^ jUJI 

.<L^al Jj dj ^sl!I L_jila ^jjjI <^jjal j <9Jjla jj> jj* ^jSI j ( [exit node]^ JJ^^ 
j ^j*-^ lila (j^-GJ V ^-i^j ( ; illal] JUllj ^LuJI hop c5 ^j*^ ojjI^II <J^J j [node] ^•^ c - <J^ 

.SjjWI J <LLoJI hop 

^ 'TOR ^ J^ l»SU^»t ^jj $ ^ ^UjuoII 6jjj^> t^jUij JLkjj ^ jil ^TOR J j^jjj c> s j^Vl cjIjIjj^VI J 
^jja ^jc lIaxj Approach ^^j-^." V^jLj TOR (j^> ^ l^-La ujj ^jj j3I djUij^JI ^ji ^ \ § i&u V l^ix^j 

jjjjuiiH j kj > o j£ J-<i3u jjoj jll (rendezvous node) ^^Vl s^Sc. cJ^j Jc- ^uikJI ^Lij^J] J jj^a jll JL^aiil cJu^ jlx-<J <jj j^j* 

.[ (DHT) Distributed Hash Table] ^ 
<La cJLx^ajVi cijUi jls«-<» Jj onion L ^\ Jc <J>isu lLli^ 'DNS is^jj* l}\£Jx\ ^ J£juj DHT jf^s L - J ^- 

JJ^J J jl^J dJlj Ja ^1 (j-G ^ajLiJl/^LJl j Jj-^^ L>^ IP U^J^ f^J 6<!LaJl 6JA J .AjILxJI <xiJ^Jl Jj JL-oj! (JjjJjojUI 

.(J^t» ill l^jJajU ^jC AjjjjaJl ^1 j-<Jl ^likl ^aJJ J^ . JJJ-^l ^J^- J» 

- JUUI Lj.) jit (jja jjj ^iuala j TOR ^-%^> J) Jj^^i Jjj-ulaII ^jjjhMi Jj flVi 

https://www.torproject.org/ 

I2P 

^Uj^ J\ Jo>_^j l^j^j jllj JL^iVI AiJa ^Jjj J^ lU»j [(P2P) anonymous peer-to-peer] 6jLu^U I2P ^ & 
b^*l ^-LuJI Jl c v^j ^ ill j i [Freenet network]^—^^ j^J^ ^ j^^-^ 2003 ^ ^ j^J 3 ^ ^ ^ ciijjljj 
J\) j^VI JJ JL^jVI aIo ajj^JI ^ < LSSlt ^ J TOR ^ .HTTP ^ CjU^k 

Jc) djU^kll Jl J jj^a jll jj^^l.^U 41lojj jj3 jj jA J2P (>» cJ^Jl tAjiaJI CjU^kll Jj diSj J (WWW 

^kj^ (bit torrentj mail 'web 'IRC < JIUI 
ajj^SI jo ( LuaSl l jj^j JL^jVI (> aj^ ^i .. ^ jSaj JW^j j^ Invisible Internet Project -J (j^^l I2P ^jj^ 

4(J a ol\ galll CAjLulaJ <J>ujjj Cilia ^a^jjaixJl j> Jc. ialiaJ! 1 ^ ^ laJLujJ jll CjUjjJajll A£jjai3l .ClljjjjVI 4£jjuj Jc 

Jc ^1 jjW^J iS^^J JJJtMl AJJ^ ^aC^ J] ^CXiljjJl L_ fl^J .CjliLJl A£jLabGj CjUjAxJIj JjJJ^lVI ^J^^ 4<jal^J^3lj 

.^C^lijJ! ^AaajaLQ ^JStJ jl J^ L_fl J^JI (JJ«^ ^JJ 2 ^ J JJ- T ^ C ^ J ^ *J ( -- 1 jjjjVI 

https://www.facebook.com/tibea2004 AjjL ^^aa^a 
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CAiUJ! £Ja*\ J 3 *-^ (> — ^ j-^ (J^-^ J^^^ 4_L^kjaJl ^Jj^-U <Jjaiillj 4_juAjol^JI dilkiflali]! 1 a * laJLujJ jl j^-aJ Alfla j*jJ A£jjuj ^^Jfc 

jj j>i L_fll jlal Jc ^UucVl jj-^ jll (_>^J 3 jfLj J ij ^ j Ac jjx jj^J AiUial jjAjujjII j>» L-lUjluirt oAsu 

U jj^j IRC ;(P2P)^13 itfl djlinkj t^Jjjj^lV! ^Jl lU^j I2P y uu ' ;,; J51 cjllnkill j* jljAxJI jal jjj 

<JjUj JJC '<J^ JJ ^UaJ jJ-atj <J^-^> j^ J 3^ ^^T* a\\ ^.Uj <J jl^J j* <J^ ^ 2003 J I2P ^ JJ^-^ pAill ^J 

JaslSI j& c V^ll .4_Lal j <JJ^6 A^ikt <]ilua^6 <J-gI£ cJ^^ ^ jj- 06 ^JJfl 4^jui CjjaLjaJ J j£J> ^tjj <^&. I2P j^ J ^Jfllj-alJ 

^Ujj 

J Ia jjJsj J <L£jLuuJl j-a jjjkVI jjj aJ AiljJaVU t4_iCJj La <_£.JjJ A^JjuJI £>i& (jl ^ ^ Iklujj jxJ j^jJaJ La li&j ^1 jj.JJ 

.6 j^Jl 4 ^jikl 4_1>I jA»Jl CjV jU^JI <£j>l ^ 

^jjj j*3 <al£j ji&lj ji&l cjLo^JI jl J^ cJ-^ j^j '"lW^W Lbjuj ^ ji Jjl^j V IjjI c^-^*-^ '^P^ *^ 

;U^l\j aJL^J\ cJl^jJ! (> ^>3l jajjj e U^I li* I2PSnark jI2P mail ' Syndie 

lS^ .TUNNEL (jlijVI ^ ji.1 ^ ti2P .(<^JI -W^ lU^ ^31 ^lislVI J J^j 

lij ;<J11a3I J-iJjuo Jc /oj^U^llj 6^jl jll 4jj&Ua3! CjIjLoixJI j>i <c j ^ ^ Jc laal aJj (3^^ jlill jl^A j& I2P ^f^j J S^Sc 

j^UI CjUi jlx-<JI ^ ( . ila Jj Uia. ^ jLkll J 3^*^^ cl>^ Jj ^-!^jj ^j^j 6«^c- Jj ^JLojj lS-^j^ A S^ic 

.<j j£ j* V iSfS cjUUj s^&IS Jll DHT J « TOR J ^ Jj J^^j j^^ J^Vl J j^ CjU jIslJI jj j^i ^ 

J A-l^. j!i3l 6 Qll Jilll jjjjuHH j 6 JiLJl j ^JjojjaII jjJ <laij Jj <iakj j-d Jjjjujjli ;*6^Axl<i dallila aIa^LujLj CIjVIj^jVI JJ^ ^alj 

jiJi^JI 4^ jjIIj ^"oiiioii routing" ^.iij j^jj ^Uaj ^ikiaij TOR -i^^U .3^*^^ J ^U-^^ Jj ^U-^^ jj^^j 
"eepsites" ^4 'I2P J l ^^ l» ^ .. i t ^ Jll AjiaJI gil jJI j "garlic routing" ^ j*^ I2P J 

http ://geti2p.net/en/ 

FREENET ^ 

J pure DHT (aj^ 'I2P J^ j .I2P ^ * j^-^^ cl^j 6 2000 ^ ^ 6 j^J^ Freenet 

Jtjj U»^jc jjlxjll ^-^Jj tA^JjaJl J 4_^.ll<Jl ^jl j-d j3 <C a jc AJjjjaixi J£ j) ^^-ixj I^A / aiala jjc. jj 

^jujU 11a l^jsuj . jLoVI *^Uj3 lilli j 4 jjS jj ^<JI jljiaJb S^tc Ai jjst^Jl j tojjL^Jl ^ixJU <xjIS laiaJj ^ixJl jli ttilli Jc S j^lc j .1 . lUall 

jli tUi ^jj-<» jc c^ajj LoUc . jjdtg-ll bAc- a\ : \aa\\ i^A^Lol] <Iajoj| jj ^j3jsu ^jj cjliUJ! j ^ixJI ."small world principle" 

1 j<j J JJ ^ 6^1 c_jj Jl CjLajL^a £A ^1^. cJ^^ cJ^^-*^ Vj <jAj3! (Jj-o CjjIjII jJ^xJl ^ ^I^JjojI Aic <Las.!}L<i jj£I ClljJJja 

.(U jjcj tAajJIj ^IRC ^Jliull Jjjjoj Jc) di> jjjVI cjU^k Jll^l j* U jjc J HTTP 

ALTERNATIVE DOMAIN ROOTS 

j^ j DNS £Mj£ ^^Luj jll Cj\£j^JI j^ ajs Jj jj^j 6 " rogue TLDs" ^ jj^Jl ^Alternative Domain Roots 

j*jja 4 k .. i^ t djlilkd! .<j^jliill [.com /.net /.org] ^Uail! j^ j^jUI Jc jj^ij 4 ICANN s J^^ 
Jc Jaxj Jll ^Louaj^JI Jc I^UjcI ^c5j^l ^S^^ j* .4 >^>>^* (named server) ^^jI ^1 ^h^u«l L-Alajj rouge TLD 
« [.bit domain]<S^ J ^ * malicious actors J J^^^ s jlSJ JSi jjSj jj^ j^l ^1 j^a 'DNS root J^-^ 

^lilaixi OJJaij ^aJJ 4_jj^jxJl CjUaLaJl £A (^\jul\ jxi V^JS >JJ.JJ> 3^"^ Jj? ' '^ C ' ^Jl J*^ ^ 4 jlj^J^U .P2P J-^ ^JJJ >JJ.JJ> 3^"^ 

.Ijj^ Skm^t cjliUa^U fJc Jc ^^Lk/^L J£ yj^aj J^ .[.bit DNS] ^jI^ AilS j* Ac ji^JI P2P J 
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o^j*i <TOR J^- Cf- ^ c> ^ ^ alternative DNS domains u' cs* 

ta^j^ll/cjlSlaUll ftjbl domain sinkholing ^ ajU^JI Ji* ^malicious actors ^->U^ A^aljll U>JI 

^\ <J jll jAixJI d±aJI til^p^J 4_iii3! 4_ia.U3l ^j£-<uJI <j| -^H jffi*^ d^J! til^a^* j^JI" t^jVl 

jl£ bjj tS^lc cj^j V i^UJ! DNS ^ j± fl^l^t? lUaluuj j 4 lW^ C5^) alternative DNS domains 

:AiUiil ALTERNATIVE DOMAIN ROOTS* U* 
j^l 11a J jll .bitcoins ^ P2P ^ ^ ■ [.bit TLD]c> J : Namecoin 

^ <j! jiixj DNS ^ J\ J dedicated DNS client <J\ £^ ^ J^> ^> 

jA\ c_jUill (Jjjia ^ j [.bit] ^jj^ ^-i^ala FreeSpeechMeo?^ ^l^iuit ^ «j 

.[.bit] ^Ijaj <-*j15 ^ lsj 1 ^ [http://www.freespeechme.org] Jtiil 

,[.cw] TLD cjISLLj ^^ki^i ^jjJUajVI jjuLlj^ll c> alternative DNS if- : Cesidian root 
(UMMOA) Jia^ L^i JiAj ^ill j ^UuJl Mr. Tallini's ^jj ^ j .[.6w] ,[.5w] ,[.ispsp] 
J£ ^ lUs Jj^ DNS f±\*J{&* 30 I^a j United Micronations Multioceanic Arcipelago 

http://cesidianroot.net <> .IPv6j IPv4 c> 

is* .[.academy - .big - .manifesto] Alternative TLD 482 ^ : Namespace.us 

^jjujI ciu^Sj 4<^H(JI Alternative TLD ^taUaj ^ (dja jll c*Ui ^J) « ^jjui £±^Ju ^ 1986 ^ ^ (JjjuJI 

UJ^ 1990 J^jt ( - ^ ^ ^ .JW^W Alkali Cjli t5ja.Vl CjU^JI ^ tCjlalkill oiA Jj^ i ^ <jLc; 

DNS 6 u^^ ^ISLkjll g\*Ji iS*M Jj* J'Jd V ^DNS root TLD cjISLLj 

.ICANN *USaJ» CjliUaj ^> J£ lU ^ lU*j ^1 

^ f^^ 5 c^! C5^ ( u^j^iJIj Hobbists I* jps DNS ^'j^ c> c> uj^ ^jj^i ^ :OpenNIC 

^^1 aSliA ^.^il AiLjaVU ,4_jj^JI ^liklj t^bVlj tl^_L<il (jUij 4^<Jai<JI 4->.»l-i>.» Jajjuj £*tier-2 DNS ^^^-^ 
^j! [14 TLDs] 14 tjlJ! ^ISLkslS L^i ^ DNS Jl ^ ^lill DNS ICANN root ■! DNS 

J Tibetan <^ V^U^ domain root ^ i-JaiJI ^ j <NewNations c> TLD cjliUaj 

.http://www.opennicproject.org cjUjIxJI ^> 
^1 L-iaallj ciLiUa Ak- Ia^j ^jl j ill ^1 I^ILujjI ^jj V c _^j3I j 4i j^JI ^1 j-^l l>« <c ^ j& ; Deep WebjA ^ 
^i^JI dijjSjVI (jSl j .net j.com (jUaill ^^>*j ^jaJ ^^UJI diijiiVI \& <qa^Lujj c ^j3I <jc ^ilik^ CjliLkj ^^inn l^iV t^aj 

Ia jjc. j ."bit j .i2p j. onion djlaUaj n>n <Jj CjlaUaill JiLo n>n V 

L ^ 

ofrmtr2fphxkqgz3.onion 

2^1 ^jaxJI <Jc ^.jjj AjjaiiaJI cIjIjjI^aII ^-!>LJI (Jio (^b jjoJI (jjjaJI) black market 6 ^ ^^'^^ AjLat^lL nt 

^jt ^iLloij ^lJcj CjliLJ! <^jLaui ^ i^jLaLj httpi// l!^ ^j^*-^^ **— ^ j^j^>^^ ^ laJLujj V IaU^Ij 6^.1 JL* iDarknet 

j& ^J^yil\ LjJjjllJ ^^yJl iS ^ c <>■> > >i 500 ^ ^> J^J ^j-tJl jl^xJl (j* ^>^^ ^3^^ ^ A-LaAl 

^j-o jjj^II ^aij lilj tl^JjJ^j 6^ C1jL<» jIslxJI Uiajl j;L<»JJj (Jj^la (jc 4Jj J jj^ jll (j^J c5^^ ^3^^ 

I1a <LLauj jl 5J j^aij ji dl jj jl ^j^j V diaall deep web j» invisible web ^ c> ^ ^ ^5-^ 



https://www.facebook.com/tibea2004 A^Ia ^^aa^a 



128 



j cjU jiilill ^lijl j dj|jjJdi<J! djUUj ^cl <Jla Databases ^-^W^ ^^u^ - * 

.^JjJl CjULj jjj^allj PDF 4_L^aj j;lsJl CjULJI 

.jljjiSall d3^U.j jjcI j jU^VI Dynamic data ^-^t 
. Twitter j Facebook 4^t*^VI J '^j^^ 

jA\ a£ jLSLa ^al^ J Bookmarks ^U*^ 

4_ja!>Lkl ^jjc. ^UjujI ^lx»I^)Jj (JjjjJ^- '"^j ^ 4_^JjojI 

^jjJLg jjc. ( fl>^JI .CjUaLuJlj ^JajJollj 4jU&j3I Cf 0 cl**^ jA <JJjoJI ^al till} e-Lljl ( fl^JI ^jl till JjSI 

djl a^Jl J jL^jVI^ .5-3 j^>x-<Jl A_l<JIsl!I j AjI^JI A^JjuJI Jc l& jjuU (j^-aJ V ^-C jl<ui dlLI jjj (j ^> > jl 4_ajoiIc. 4_^JjujI CjliL^a 

lS^ .Black Market's*^ (JjjuJI <jc SjUc- Igil a Jai& <*ial3 ^al ^11 tilts q\ (jjilaj V j 11a J ^ j& ^ cJ^ 

lajljll Jc^ U^j Jill 4_ijL^xJI <.& jj <j^l£ ^Ul^Vl j^t djlifxi ; Ji<» ^jU^ <*il ^3Ua UjL 

c2hluuzwi7tuceu6.onion 

JiLo ^q^^ <juj^)^a cJj^-^ w ; ^ 

http ://info mine.ucr.edu/ 

http://www.completeplanet.com/index.jsp 

http://vlib.org/ 

https :// archive.org/ 

http://clusty.com/ 

http://lookahead.surfwax.com/index-2011.html 

dark web fr^j ^jlaJ ^1 uujll gilj^ q^xj LuS 

http ://deepweblinks.org/ 

https://sites.google.com/site/howtoaccessthedeepnet/working-links-to-the-deep-web 

^l.com.gov.net.j^ l^j^I cjISLLj 

https://www.torproject.org/ 

Start Tor Browser.exe ^ ^ uj^ ^^j^^ -^-^ ^ ^ -1 
Onion-^-^*^ djlaLkj ^ l^J!>Lk ^ J^U nm jll Tor ^^j^j JL^ajVI ji^. jhVii j aJc iasuJalU ^1 -2 

(Jaxj tgio t^i j]| Xor jj^ ^f^j (jc- cii^JI t . <or. _Ujlilj ^ al^ll <il3 L_A ^juJj JU^jVI ^jj J^l -3 

^■Laaj jL^ajVI ^aJJ L_fl jjoj j J jVI 6J>JI J lAL^J 
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